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PREFACE ix 


offenders, when it comes to celebrating the uselessness of their subject, have been 
number theorists themselves. G. H. Hardy, the best known figure of 20th century 
British mathematics, once wrote, “Both Gauss and lesser mathematicians may be 
justified in rejoicing that there is one science at any rate, and that their own, whose 
very remoteness from ordinary human activities should keep it clean and gentle.” 
The prominent role that this “clean and gentle” science played in the public-key 
cryptosystems (Section 10.1) may serve as something of a reply to Hardy. Leaving 
practical applications aside, the importance of number theory derives from its central 
position in mathematics; its concepts and problems have been instrumental in the 
creation of large parts of mathematics. Few branches of the discipline have absolutely 
no connection with the theory of numbers. 

The past few years have seen a dramatic shift in focus in the undergraduate 
curriculum away from the more abstract areas of mathematics and toward applied 
and computational mathematics. With the increasing latitude in course choices, 
one commonly encounters the mathematics major who knows little or no number 
theory. This is especially unfortunate, because the elementary theory of numbers 
should be one of the very best subjects for early mathematical instruction. It requires 
no long preliminary training, the content is tangible and familiar, and—more than 
in any other part of mathematics—the methods of inquiry adhere to the scientific 
approach. The student working in the field must rely to a large extent upon trial 
and error, in combination with his or her own curiosity, intuition, and ingenuity; 
nowhere else in the mathematical disciplines is rigorous proof so often preceded by 
patient, plodding experiment. If the going occasionally becomes slow and difficult, 
one can take comfort in knowing that nearly every noted mathematician of the past 
has traveled the same arduous road. 

There is a dictum that anyone who desires to get at the root of a subject should 
first study its history. Endorsing this, we have taken pains to fit the material into the 
larger historical frame. In addition to enlivening the theoretical side of the text, the 
historical remarks woven into the presentation bring out the point that number theory 
is not a dead art, but a living one fed by the efforts of many practitioners. They reveal 
that the discipline developed bit by bit, with the work of each individual contributor 
built upon the research of many others; often centuries of endeavor were required 
before significant steps were made. A student who is aware of how people of genius 
stumbled and groped their way through the creative process to arrive piecemeal at 
their results is less likely to be discouraged by his or her own fumblings with the 
homework problems. 

A word about the problems. Most sections close with a substantial number of 
them ranging in difficulty from the purely mechanical to challenging theoretical 
questions. These are an integral part of the book and require the reader’s active 
participation, for nobody can learn number theory without solving problems. The 
computational exercises develop basic techniques and test understanding of con- 
cepts, whereas those of a theoretical nature give practice in constructing proofs. 
Besides conveying additional information about the material covered earlier, the 
problems introduce a variety of ideas not treated in the body of the text. We have on 
the whole resisted the temptation to use the problems to introduce results that will 
be needed thereafter. As a consequence, the reader need not work all the exercises 
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Plato said, “God is a geometer.” Jacobi changed this to, “God is an arithmetician.” Then 
came Kronecker and fashioned the memorable expression, “God created the natural 
numbers, and all the rest is the work of man.” 

FELIX KLEIN 


The purpose of this volume is to give a simple account of classical number theory and 
to impart some of the historical background in which the subject evolved. Although 
primarily intended for use as a textbook in a one-semester course at the undergraduate 
level, it is designed to be used in teachers’ institutes or as supplementary reading 
in mathematics survey courses. The work is well suited for prospective secondary 
school teachers for whom a little familiarity with number theory may be particularly 
helpful. 

The theory of numbers has always occupied a unique position in the world of 
mathematics. This is due to the unquestioned historical importance of the subject: it 
is one of the few disciplines having demonstrable results that predate the very idea 
of a university or an academy. Nearly every century since classical antiquity has 
witnessed new and fascinating discoveries relating to the properties of numbers; and, 
at some point in their careers, most of the great masters of the mathematical sciences 
have contributed to this body of knowledge. Why has number theory held such an 
irresistible appeal for the leading mathematicians and for thousands of amateurs? 
One answer lies in the basic nature of its problems. Although many questions in the 
field are extremely hard to decide, they can be formulated in terms simple enough 
to arouse the interest and curiosity of those with little mathematical training. Some 
of the simplest sounding questions have withstood intellectual assaults for ages and 
remain among the most elusive unsolved problems in the whole of mathematics. 

It therefore comes as something of a surprise to find that many students look 
upon number theory with good-humored indulgence, regarding it as a frippery on 
the edge of mathematics. This no doubt stems from the widely held view that it 
is the purest branch of pure mathematics and from the attendant suspicion that it 
can have few substantive applications to real-world problems. Some of the worst 
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in order to digest the rest of the book. Problems whose solutions do not appear 
straightforward are frequently accompanied by hints. 

The text was written with the mathematics major in mind; it is equally valuable 
for education or computer science majors minoring in mathematics. Very little is 
demanded in the way of specific prerequisites. A significant portion of the book can be 
profitably read by anyone who has taken the equivalent of a first-year college course 
in mathematics. Those who have had additional courses will generally be better 
prepared, if only because of their enhanced mathematical maturity. In particular, a 
knowledge of the concepts of abstract algebra is not assumed. When the book is 
used by students who have had an exposure to such matter, much of the first four 
chapters can be omitted. 

Our treatment is structured for use in a wide range of number theory courses, of 
varying length and content. Even acursory glance at the table of contents makes plain 
that there is more material than can be conveniently presented in an introductory 
one-semester course, perhaps even enough for a full-year course. This provides 
flexibility with regard to the audience and allows topics to be selected in accordance 
with personal taste. Experience has taught us that a semester-length course having 
the Quadratic Reciprocity Law as a goal can be built up from Chapters 1 through 9. 
It is unlikely that every section in these chapters need be covered; some or all of 
Sections 5.4, 6.2, 6.3, 6.4, 7.4, 8.3, 8.4, and 9.4 can be omitted from the program 
without destroying the continuity in our development. The text is also suited to 
serve a quarter-term course or a six-week summer session. For such shorter courses, 
segments of further chapters can be chosen after completing Chapter 4 to construct 
a rewarding account of number theory. 

Chapters 10 through 16 are almost entirely independent of one another and so 
may be taken up or omitted as the instructor wishes. (Probably most users will want 
to continue with parts of Chapter 10, while Chapter 14 on Fibonacci numbers seems 
to be a frequent choice.) These latter chapters furnish the opportunity for additional 
reading in the subject, as well as being available for student presentations, seminars, 
or extra-credit projects. 

Number theory is by nature a discipline that demands a high standard of rigor. 
Thus, our presentation necessarily has its formal aspect, with care taken to present 
clear and detailed arguments. An understanding of the statement of a theorem, not 
the proof, is the important issue. But a little perseverance with the demonstration 
will reap a generous harvest, for our hope is to cultivate the reader’s ability to follow 
a causal chain of facts, to strengthen intuition with logic. Regrettably, it is all too 
easy for some students to become discouraged by what may be their first intensive 
experience in reading and constructing proofs. An instructor might ease the way 
by approaching the beginnings of the book at a more leisurely pace, as well as 
restraining the urge to attempt all the interesting problems. 


NEW TO THIS EDITION 


Readers familiar with the previous edition will find that this one has the same general 
organization and content. Nevertheless, the preparation of this seventh edition has 
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provided the opportunity for making a number of small improvements and several 
more significant ones. 

The advent and general accessibility of fast computers have had a profound ef- 
fect on almost all aspects of number theory. This influence has been particularly felt 
in the areas of primality testing, integers factorization, and cryptographic applica- 
tions. Consequently, the discussion of public key cryptosystems has been expanded 
and furnished with an additional illustration. The knapsack cryptosystem has like- 
wise been given a further example. The most notable difference between the present 
edition and the previous one is the inclusion, in Chapter 15, of a new section deal- 
ing with Farey fractions. The notion provides a straightforward means of closely 
approximating irrational numbers by rational values. (Its location should not deter 
the reader from taking up the topic earlier.) 

There are other, less pronounced but equally noteworthy, changes in the text. The 
concept of universal quadratics is briefly introduced in Section 13.3, and Bernoulli 
numbers receive some attention in Section 16.4. Also, the ever-expanding list of 
Mersenne numbers has been moved from the narrative of the text to Table 6 in the 
Tables section of the Appendixes. 
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PRELIMINARIES 


Number was born in superstition and reared in mystery, ... numbers were once 
made the foundation of religion and philosophy, and the tricks of figures 

have had a marvellous effect on a credulous people. 

F. W. PARKER 


1.1 MATHEMATICAL INDUCTION 


The theory of numbers is concerned, at least in its elementary aspects, with properties 
of the integers and more particularly with the positive integers 1, 2, 3,...(also 
known as the natural numbers). The origin of this misnomer harks back to the 
early Greeks for whom the word number meant positive integer, and nothing else. 
The natural numbers have been known to us for so long that the mathematician 
Leopold Kronecker once remarked, “God created the natural numbers, and all the 
rest is the work of man.” Far from being a gift from Heaven, number theory has 
had a long and sometimes painful evolution, a story that is told in the ensuing 
pages. 

We shall make no attempt to construct the integers axiomatically, assuming 
instead that they are already given and that any reader of this book is familiar with 
many elementary facts about them. Among these is the Well-Ordering Principle, 
stated here to refresh the memory. 


Well-Ordering Principle. Every nonempty set S of nonnegative integers contains a 
least element; that is, there is some integer a in S such that a < b for all b’s belonging 
to S. 
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Because this principle plays a critical role in the proofs here and in subsequent 
chapters, let us use it to show that the set of positive integers has what is known as 
the Archimedean property. 


Theorem 1.1 Archimedean property. If a and b are any positive integers, then 
there exists a positive integer n such that na > b. 


Proof. Assume that the statement of the theorem is not true, so that for some a and b, 
na < b for every positive integer n. Then the set 


S = {b — na | na positive integer} 


consists entirely of positive integers. By the Well-Ordering Principle, S will possess a 
least element, say, b — ma. Notice that b — (m + 1)a also lies in S, because S contains 
all integers of this form. Furthermore, we have 


b—(m+ l)a = (b—ma)—a<b-—ma 


contrary to the choice of b — ma as the smallest integer in S$. This contradiction arose 
out of our original assumption that the Archimedean property did not hold; hence, this 
property is proven true. 


With the Well-Ordering Principle available, it is an easy matter to derive the First 
Principle of Finite Induction, which provides a basis for a method of proof called 
mathematical induction. Loosely speaking, the First Principle of Finite Induction 
asserts that if a set of positive integers has two specific properties, then it is the set 
of all positive integers. To be less cryptic, we state this principle in Theorem 1.2. 


Theorem 1.2 First Principle of Finite Induction. Let S be a set of positive integers 
with the following properties: 


(a) The integer 1 belongs to S. 
(b) Whenever the integer k is in S, the next integer k + 1 must also be in S. 


Then S is the set of all positive integers. 


Proof. Let T be the set of all positive integers not in S$, and assume that T is nonempty. 
The Well-Ordering Principle tells us that T possesses a least element, which we denote 
by a. Because 1 is in S, certainly a > 1, and so 0 < a — 1 <a. The choice of a as the 
smallest positive integer in T implies that a — 1 is not a member of 7, or equivalently 
that a — 1 belongs to S. By hypothesis, S must also contain (a — 1) + 1 =a, which 
contradicts the fact that a lies in T. We conclude that the set T is empty and in 
consequence that S contains all the positive integers. 


Here is a typical formula that can be established by mathematical induction: 


2 _ n(2n + vi +1) “is 


forn = 1,2,3,.... In anticipation of using Theorem 1.2, let S denote the set of 
all positive integers n for which Eq. (1) is true. We observe that when n = 1, the 


742743? 4..-4n 
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formula becomes 
= 124+1)d +1) = 
= a =— 


This means that 1 is in S. Next, assume that k belongs to S (where k is a fixed but 
unspecified integer) so that 


1? 1 


_ kk + 1k +1) 
= 6 


To obtain the sum of the first k + 1 squares, we merely add the next one, (k + 1)’, 
to both sides of Eq. (2). This gives 


42743? 4.---4+8 (2) 


k(2k + 1)(k + 1) 
6 

After some algebraic manipulation, the right-hand side becomes 

k(2k + 1)+ 6(k +1 2k? + 7k + 6 

eee Sy reed 


P4+24-.-4V+(k+1P = +(k +1 


a+] 


(K+ 12k +. 3k +2) 
= 6 


which is precisely the right-hand member of Eq. (1) whenn = k + 1. Our reasoning 
shows that the set S contains the integer k + 1 whenever it contains the integer k. 
By Theorem 1.2, S must be all the positive integers; that is, the given formula is true 
fort jth 7 <3) ess. 

Although mathematical induction provides a standard technique for attempting 
to prove a statement about the positive integers, one disadvantage is that it gives no 
aid in formulating such statements. Of course, if we can make an “educated guess” 
at a property that we believe might hold in general, then its validity can often be 
tested by the induction principle. Consider, for instance, the list of equalities 


1=1 
1+2=3 
P22? 7 


14+2+4+274+2? =15 
L426 224242) = 31 
14+24+274+234+244+25 =63 
We seek a rule that gives the integers on the right-hand side. After a little reflection, 
the reader might notice that 
La2= 1. S215 a2 
1520S Sha Pas 63. at 


(How one arrives at this observation is hard to say, but experience helps.) The pattern 
emerging from these few cases suggests a formula for obtaining the value of the 
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expression 1 + 2+ 27+ 23+.--.-+27-!; namely, 
jE Ras pee ge eran a erat me (3) 


for every positive integer n. 

To confirm that our guess is correct, let S be the set of positive integers n for 
which Eq. (3) holds. For n = 1, Eq. (3) is certainly true, whence 1 belongs to the set 
S. We assume that Eq. (3) is true for a fixed integer k, so that for this k 


Ue ee as a yay ee 


and we attempt to prove the validity of the formula for k + 1. Addition of the term 
2* to both sides of the last-written equation leads to 


14242? 4+...42% 149% — 2-1 42% 
a2 PS 1S 2) = 1 


But this says that Eq. (3) holds when n = k + 1, putting the integer k + 1 in S so 
that k + 1 is in S whenever k is in S. According to the induction principle, S must 
be the set of all positive integers. 


Remark. When giving induction proofs, we shall usually shorten the argument by 
eliminating all reference to the set S, and proceed to show simply that the result in 
question is true for the integer 1, and if true for the integer k is then also true fork + 1. 


We should inject a word of caution at this point, to wit, that one must be careful 
to establish both conditions of Theorem 1.2 before drawing any conclusions; neither 
is sufficient alone. The proof of condition (a) is usually called the basis for the 
induction, and the proof of (b) is called the induction step. The assumptions made in 
carrying out the induction step are known as the induction hypotheses. The induction 
situation has been likened to an infinite row of dominoes all standing on edge and 
arranged in such a way that when one falls it knocks down the next in line. If either 
no domino is pushed over (that is, there is no basis for the induction) or if the spacing 
is too large (that is, the induction step fails), then the complete line will not fall. 

The validity of the induction step does not necessarily depend on the truth of 
the statement that one is endeavoring to prove. Let us look at the false formula 


14+34+54+---+(2n-l =n’ +3 (4) 
Assume that this holds for n = k; in other words, 
14+34+54+---+2k-D=kh 43 
Knowing this, we then obtain 
14+34+54+---4+(Q2k—-1)4+(2k4+) =k? 4+342k41 
= (k +1)? +3 


which is precisely the form that Eq. (4) should take when n =k + 1. Thus, if 
Eq. (4) holds for a given integer, then it also holds for the succeeding integer. It 
is not possible, however, to find a value of n for which the formula is true. 
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There is a variant of the induction principle that is often used when Theorem 1.2 
alone seems ineffective. As with the first version, this Second Principle of Finite In- 
duction gives two conditions that guarantee a certain set of positive integers actually 
consists of all positive integers. This is what happens: we retain requirement (a), but 
(b) is replaced by 


(b’) Ifk is a positive integer such that 1, 2,..., k belong to S, then k + 1 must also 
be in S. 


The proof that S consists of all positive integers has the same flavor as that of 
Theorem 1.2. Again, let T represent the set of positive integers not in S$. Assuming 
that T is nonempty, we choose n to be the smallest integer in JT. Then n > 1, 
by supposition (a). The minimal nature of n allows us to conclude that none of the 
integers 1,2,..., — 1 liesin T, or, if we prefer a positive assertion, 1, 2,...,n — 1 
all belong to S. Property (b’) then puts n = (nm — 1) + 1 in S, which is an obvious 
contradiction. The result of all this is to make T empty. 

The First Principle of Finite Induction is used more often than is the Second; 
however, there are occasions when the Second is favored and the reader should be 
familiar with both versions. It sometimes happens that in attempting to show that 
k + 1is a member of S, we require proof of the fact that not only k, but all positive 
integers that precede k, lie in S. Our formulation of these induction principles has 
been for the case in which the induction begins with 1. Each form can be generalized 
to start with any positive integer ng. In this circumstance, the conclusion reads as 
“Then S is the set of all positive integers n > no.” 

Mathematical induction is often used as a method of definition as well as a 
method of proof. For example, a common way of introducing the symbol n! (pro- 
nounced “n factorial”) is by means of the inductive definition 


(a) 1! 
(b) n! 


if 
n-(n—1)! forn > 1. 


This pair of conditions provides a rule whereby the meaning of n! is specified for 
each positive integer n. Thus, by (a), 1! = 1; (a) and (b) yield 


DD el a eel 
while by (b), again, 
Sha 3 ea 3 I 


Continuing in this manner, using condition (b) repeatedly, the numbers 1!, 2!, 3!,..., 
n! are defined in succession up to any chosen n. In fact, 


n!=n-(n—1)---3-2-1 


Induction enters in showing that n!, as a function on the positive integers, exists and 
is unique; however, we shall make no attempt to give the argument. 

It will be convenient to extend the definition of n! to the case in which n = 0 
by stipulating that 0! = 1. 
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Example 1.1. To illustrate a proof that requires the Second Principle of Finite Induc- 
tion, consider the so-called Lucas sequence: 


1334; 7, 11,18, 29,4776, i 


Except for the first two terms, each term of this sequence is the sum of the preceding 
two, so that the sequence may be defined inductively by 


a\ = 1 
a2 =5 
An = An—1 + Gn-2 for alln > 3 


We contend that the inequality 
An < (7/4)" 


holds for every positive integer n. The argument used is interesting because in the 
inductive step, it is necessary to know the truth of this inequality for two successive 
values of n to establish its truth for the following value. 

First of all, forn = 1 and 2, we have 


a,)=1<(7/4)=7/4 and ay =3 < (7/4) = 49/16 


whence the inequality in question holds in these two cases. This provides a basis for 
the induction. For the induction step, choose an integer k > 3 and assume that the 
inequality is valid forn = 1,2,...,k — 1. Then, in particular, 


ap-1 < (7/41 and ap-2 < (7/4) 
By the way in which the Lucas sequence is formed, it follows that 
Oy = Ag—1 + Ax-2 < 1/4)! + 1/4)? 
= (7/4) *(7/4 + 1) 
= (7/4)**(11/4) 
< (7/4) 77/4 = (7/4) 


Because the inequality is true for n = k whenever it is true for the integers 1, 2,..., 
k — 1, we conclude by the second induction principle that a, < (7/4)" for alln > ia 


Among other things, this example suggests that if objects are defined inductively, 
then mathematical induction is an important tool for establishing the properties of 
these objects. 


PROBLEMS 1.1 
1. Establish the formulas below by mathematical induction: 
(a) 14+24+34+---+n= “ » for alln > 1. 


(b) 1+3+5+4+---+(2n—1) =n’ foralln > 1. 
n(n + 1) + 2) 


(c) 1-24+2-343-44+---+n(n4+1) = 3 


for alln > 1. 


SN 


10. 


11. 
12. 
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2n — 1)(2n +1 
(d) PHBE S2 + On 1? = MOET D for atta > 


yn? 
(e) +P 434-40 = ("EEO for alln > 1. 


. Ifr 4 1, show that for any positive integer n, 


ode N eee to nes Ceara) 
a r—1 


. Use the Second Principle of Finite Induction to establish that for all n > 1, 


oo ANS (Gaia he a ee ae) 
[Hint: a"t! —1 = (a + 1\(a" — 1) — aa"! - 1).] 


. Prove that the cube of any integer can be written as the difference of two squares. [Hint: 


Notice that 


n= (12 +27 4+---+n79)-(2 +27 +---+@—-1))] 


. (a) Find the values of n < 7 for which n! + 1 is a perfect square (it is unknown whether 


n! + 1 is a square for any n > 7). 
(b) True or false? For positive integers m andn, (mn)! = m!n! and(m +n)! =m!+n!. 


. Prove that n! > n? for every integer n > 4, whereas n! > n? for every integer n > 6. 
. Use mathematical induction to derive the following formula for all n > 1: 


101!) + 2(2!) + 33) +--+: +a!) =(n4+1)!-1 


. (a) Verify that for alln > 1, 


2n)! 
Phe (Olds (4n — 2) = 
nN: 


(b) Use part (a) to obtain the inequality 2”(n!)* < (2n)! for alln > 1. 


. Establish the Bernoulli inequality: If 1 + a > 0, then 


d +a)" >1-+na 


for alln > 1. 

For all n > 1, prove the following by mathematical induction: 
1 1 1 

@ ita tart a he ai 
pen 3 n n+2 

| ae ers iene Cage ar a 

Me) gg ost + op 2 


Show that the expression (2n)!/2”n! is an integer for alln > 0. 
Consider the function defined by 


3n+1 
for n odd 
T(n) = 
> for n even 


The 3n + 1 conjecture is the claim that starting from any integer n > 1, the sequence 
of iterates T(n), T(T(n)), T(T(T(n))), ..., eventually reaches the integer 1 and subse- 
quently runs through the values 1 and 2. This has been verified for all n < 10!°. Confirm 
the conjecture in the cases n = 21 andn = 23. 
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13. Suppose that the numbers a, are defined inductively by a; = 1, az = 2, a3 = 3, and 
An = An—-1 + Gn—-2 + Gn-3 for all n > 4. Use the Second Principle of Finite Induction to 
show that a, < 2” for every positive integer n. 

14. If the numbers a, are defined by a; = 11, ay = 21, and a, = 3ay,_, — 2an_2 forn > 3, 
prove that 


a, = 5-2" +1 a A | 


12 THE BINOMIAL THEOREM 


Closely connected with the factorial notation are the binomial coefficients ({). For 
any positive integer n and any integer k satisfying 0 < k < n, these are defined by 


GN. n! 
(“) ~ kin —k)! 


By canceling out either k! or (n — k)!, ({) can be written as 


t) —an—1)--(K+1)_ na—1)---@—k+1) 
G - (n —k)! fs k! 


For example, with n = 8 and k = 3, we have 


8 Pts be es Eta ee 
3) 315! 5! St. ee 


Also observe that if k = 0 or k = n, the quantity 0! appears on the right-hand side 
of the definition of (; ); because we have taken 0! as 1, these special values of k give 


()=(n)= 


There are numerous useful identities connecting binomial coefficients. One that we 
require here is Pascal’s rule: 


(Qt )-("F) vsten 


Its proof consists of multiplying the identity 
1 1 n+1 
kn—-k4+1 ka—k+) 
by n!/(k — 1)!(n — k)! to obtain 
n! n! 
(n+ 1)n! 
~ kk- Dia -k+Da-h! 
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Falling back on the definition of the factorial function, this says that 
n! n! (n+ 1)! 


k\(n — k)! 2 (kK-lla—k+1)! a k!n+1-—k)! 
from which Pascal’s rule follows. 
This relation gives rise to a configuration, known as Pascal’s triangle, in which 


the binomial coefficient ({) appears as the (k + 1)th number in the nth row: 


1464 1 
| emer aes 0 ee 0 ee ne 
1 6 15 20 15 6 1 


The rule of formation should be clear. The borders of the triangle are composed of 
1’s; a number not on the border is the sum of the two numbers nearest it in the row 
immediately above. 

The so-called binomial theorem is in reality a formula for the complete expansion 
of (a+ b)", n = 1, into a sum of powers of a and b. This expression appears with 
great frequency in all phases of number theory, and it is well worth our time to look 
at it now. By direct multiplication, it is easy to verify that 

(a+b)!'=a+t+b 
(a+ by =a*+2ab+b? 
(a+ by =a? + 3a’b + 3ab? + b° 
(a + b)* =a* + 4a*b + 6a7b? + 4ab? + b4, ete. 
The question is how to predict the coefficients. A clue lies in the observation that 


the coefficients of these first few expansions form the successive rows of Pascal’s 
triangle. This leads us to suspect that the general binomial expansion takes the form 


(a+b) = ‘ a” + i a” b+ a” *h* 
“AO 1 2 
n n—1 n n 
tere Ht ab + b 
n—l n 


or, written more compactly, 
(a + by" = e @ a” * pk 
oN 


Mathematical induction provides the best means for confirming this guess. When 
n = 1, the conjectured formula reduces to 


i 
1 1 1 
(a+b) =>, Jabot = ((,)a'0+ (| Jato! =a40 


k=0 
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which is certainly correct. Assuming that the formula holds for some fixed integer 
m, we go on to show that it also must hold for m + 1. The starting point is to notice 
that 


(a+by"*! =a(a+b)" +b(a+b)” 


Under the induction hypothesis, 


a(a + b)” 


Il 
Ms 
Yr 
~~ 3 
ee 
Q 
2 
a 
PH 
> 
ae 


and 


ba+b)"=) > (”") sali i 


j= 
=>( m Jamttoe 4 pret 
La\k-1 


Upon adding these expressions, we obtain 


(a + py"! = qnt! +) > [oe + i. ee 4 pnt 


k=] 


ay (", 7 ') giti-kpk 


k=0 


which is the formula in the case n = m + 1. This establishes the binomial theorem 
by induction. 

Before abandoning these ideas, we might remark that the first acceptable for- 
mulation of the method of mathematical induction appears in the treatise Traité du 
Triangle Arithmetiqué, by the 17th century French mathematician and philosopher 
Blaise Pascal. This short work was written in 1653, but not printed until 1665 be- 
cause Pascal had withdrawn from mathematics (at the age of 25) to dedicate his 
talents to religion. His careful analysis of the properties of the binomial coefficients 
helped lay the foundations of probability theory. 


PROBLEMS 1.2 


1. (a) Derive Newton’s identity 


PRELIMINARIES 11 
(b) Use part (a) to express () in terms of its predecessor: 
n n—-k+1 n 
= ———— >k>1 
(7) k @ = :) a hari 

. f2<k <n —2, show that 

n n—2 Ag n—2 £ n—2 a 

k) \k-2 ae | k se 


- Forn > 1, derive each of the identities below: 


(a) (o)+(i)+G)e+ (2) =x 


[Hint: Let a = b = 1 in the binomial theorem. ] 


b) (5) : es ‘ 6 ere () ae 
(c) & +2(5] +3(5) ten (™) et 


[Hint: After expanding n(1 + b)"~! by the binomial theorem, let b = 1; note also 
that 


[Hint: Use parts (a) and (b).] 

n 1/n 1 /n (-1" (n\_ 1 
®(6)-3(1) ¢3(o)- 9) sqre ae 

[Hint: The left-hand side equals 

] n+1 n+1 n+1 n{(nt+l 
wat (CT!) C2) +03 ')- era) 


. Prove the following forn > 1: 


n n : : 1 
(a) ce) < (11) fan only 0 < Sigh: 


n n : : 1 
(b) () > (10) #fand only itm —1 > 7 > rie: 


1 
n n S . . ‘ 
(c) e = é a ) if and only if 7 is an odd integer, and r = yn =e 
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(a) Forn > 2, prove that 


(2) *(2)*G)e#G)-() 


[Hint: Use induction and Pascal’s rule.] 
(b) From part (a), and the relation m? = 2¢5 ) +m form > 2, deduce the formula 


1 1 
PEP 4s pe pn? = MED 


(c) Apply the formula in part (a) to obtain a proof that 


n(n + 1)\(n + 2) 


be 2223 eo analy 5 


[Hint: Observe that (m — 1)m = 2(’5).] 


. Derive the binomial identity 


(2)+(2)+(a) e+ 


[Hint: For m > 2, 72") = 2(5) + m?.] 


2n _ nn + 1)4n —- 1) 
ea — 


. Forn > 1, verify that 


P4454 nea (7 F1) 


. Show that, forn > 1, 


ce) 1-3-5---(Q2n—1) 
Se 


n 


. Establish the inequality 2” < Gay <2", forn > 1. 


[Hint: Put x =2-4-6---(Qn), y=1-3-5---(Qn—1), and z=1-2-3---n; show 
thatx > y > z, hence x? > xy > xz.] 


The Catalan numbers, defined by 
1 2 2n)! 
oe PN ae peiyiting me 
n+1\n ni(n+1)! 


form the sequence 1, 1, 2,5, 14, 42, 132, 429, 1430, 4862, .... They first appeared in 
1838 when Eugéne Catalan (1814-1894) showed that there are C,, ways of parenthesizing 
a nonassociative product of n + 1 factors. [For instance, when n = 3 there are five ways: 
((ab)c)d, (a(bc))d, a((bc)d), a(b(cd)), (ab)(ac).] For n > 1, prove that C, can be given 
inductively by 

(ne 2(2n — 1) 


Cz 
n n+1 n—-1 
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DIVISIBILITY THEORY IN THE INTEGERS 


Integral numbers are the fountainhead of all mathematics. 
H. MINKowsKI 


2.1 EARLY NUMBER THEORY 


Before becoming weighted down with detail, we should say a few words about 
the origin of number theory. The theory of numbers is one of the oldest branches 
of mathematics; an enthusiast, by stretching a point here and there, could extend 
its roots back to a surprisingly remote date. Although it seems probable that the 
Greeks were largely indebted to the Babylonians and ancient Egyptians for a core 
of information about the properties of the natural numbers, the first rudiments of an 
actual theory are generally credited to Pythagoras and his disciples. 

Our knowledge of the life of Pythagoras is scanty, and little can be said with any 
certainty. According to the best estimates, he was born between 580 and 562 B.c. on 
the Aegean island of Samos. It seems that he studied not only in Egypt, but may even 
have extended his journeys as far east as Babylonia. When Pythagoras reappeared 
after years of wandering, he sought out a favorable place for a school and finally 
settled upon Croton, a prosperous Greek settlement on the heel of the Italian boot. 
The school concentrated on four mathemata, or subjects of study: arithmetica (arith- 
metic, in the sense of number theory, rather than the art of calculating), harmonia 
(music), geometria (geometry), and astrologia (astronomy). This fourfold division 
of knowledge became known in the Middle Ages as the quadrivium, to which was 
added the trivium of logic, grammar, and rhetoric. These seven liberal arts came to 
be looked upon as the necessary course of study for an educated person. 


13 


14 ELEMENTARY NUMBER THEORY 


Pythagoras divided those who attended his lectures into two groups: the Pro- 
bationers (or listeners) and the Pythagoreans. After three years in the first class, a 
listener could be initiated into the second class, to whom were confided the main 
discoveries of the school. The Pythagoreans were a closely knit brotherhood, hold- 
ing all worldly goods in common and bound by an oath not to reveal the founder’s 
secrets. Legend has it that a talkative Pythagorean was drowned in a shipwreck as 
the gods’ punishment for publicly boasting that he had added the dodecahedron to 
the number of regular solids enumerated by Pythagoras. For a time, the autocratic 
Pythagoreans succeeded in dominating the local government in Croton, but a pop- 
ular revolt in 501 B.c. led to the murder of many of its prominent members, and 
Pythagoras himself was killed shortly thereafter. Although the political influence of 
the Pythagoreans thus was destroyed, they continued to exist for at least two centuries 
more as a philosophical and mathematical society. To the end, they remained a secret 
order, publishing nothing and, with noble self-denial, ascribing all their discoveries 
to the Master. 

The Pythagoreans believed that the key to an explanation of the universe lay in 
number and form, their general thesis being that “Everything is Number.” (By num- 
ber, they meant, of course, a positive integer.) For a rational understanding of nature, 
they considered it sufficient to analyze the properties of certain numbers. Pythagoras 
himself, we are told “seems to have attached supreme importance to the study of 
arithmetic, which he advanced and took out of the realm of commercial utility.” 

The Pythagorean doctrine is a curious mixture of cosmic philosophy and number 
mysticism, a sort of supernumerology that assigned to everything material or spiritual 
a definite integer. Among their writings, we find that 1 represented reason, for reason 
could produce only one consistent body of truth; 2 stood for man and 3 for woman; 
4 was the Pythagorean symbol for justice, being the first number that is the product 
of equals; 5 was identified with marriage, because it is formed by the union of 2 and 
3; and so forth. All the even numbers, after the first one, were capable of separation 
into other numbers; hence, they were prolific and were considered as feminine and 
earthy—and somewhat less highly regarded in general. Being a predominantly male 
society, the Pythagoreans classified the odd numbers, after the first two, as masculine 
and divine. 

Although these speculations about numbers as models of “things” appear friv- 
olous today, it must be borne in mind that the intellectuals of the classical Greek 
period were largely absorbed in philosophy and that these same men, because they 
had such intellectual interests, were the very ones who were engaged in laying the 
foundations for mathematics as a system of thought. To Pythagoras and his followers, 
mathematics was largely a means to an end, the end being philosophy. Only with 
the founding of the School of Alexandria do we enter a new phase in which the 
cultivation of mathematics was pursued for its own sake. 

It was at Alexandria, not Athens, that a science of numbers divorced from mystic 
philosophy first began to develop. For nearly a thousand years, until its destruction 
by the Arabs in 641 A.D., Alexandria stood at the cultural and commercial center of 
the Hellenistic world. (After the fall of Alexandria, most of its scholars migrated to 
Constantinople. During the next 800 years, while formal learning in the West all but 
disappeared, this enclave at Constantinople preserved for us the mathematical works 
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of the various Greek schools.) The so-called Alexandrian Museum, a forerunner of 
the modern university, brought together the leading poets and scholars of the day; 
adjacent to it there was established an enormous library, reputed to hold over 700,000 
volumes—hand-copied—at its height. Of all the distinguished names connected with 
the museum, that of Euclid (fl. c.300 B.c.), founder of the School of Mathematics, 
is in a special class. Posterity has come to know him as the author of the Elements, 
the oldest Greek treatise on mathematics to reach us in its entirety. The Elements 
is a compilation of much of the mathematical knowledge available at that time, 
organized into 13 parts or Books, as they are called. The name of Euclid is so often 
associated with geometry that one tends to forget that three of the Books— VII, VIII, 
and [X—are devoted to number theory. 

Euclid’s Elements constitutes one of the great success stories of world literature. 
Scarcely any other book save the Bible has been more widely circulated or stud- 
ied. Over a thousand editions of it have appeared since the first printed version in 
1482, and before its printing, manuscript copies dominated much of the teaching of 
mathematics in Western Europe. Unfortunately, no copy of the work has been found 
that actually dates from Euclid’s own time; the modern editions are descendants of 
a revision prepared by Theon of Alexandria, a commentator of the 4th century A.D. 


PROBLEMS 2.1 
1. Each of the numbers 


PS ls = 2 6 2, LOS Fe aes 
represents the number of dots that can be arranged evenly in an equilateral triangle: 


This led the ancient Greeks to call a number triangular if it is the sum of consecutive 

integers, beginning with 1. Prove the following facts concerning triangular numbers: 

(a) A number is triangular if and only if it is of the form n(n + 1)/2 for some n > 1. 
(Pythagoras, circa 550 B.c.) 

(b) The integer n is a triangular number if and only if 87 + 11s a perfect square. (Plutarch, 
circa 100 A.D.) 

(c) The sum of any two consecutive triangular numbers is a perfect square. (Nicomachus, 
circa 100 A.D.) 

(d) If is a triangular number, then so are 9n + 1, 25n + 3, and 49n + 6. (Euler, 1775) 

2. If t, denotes the nth triangular number, prove that in terms of the binomial coefficients, 


m= ("3 n>1 


3. Derive the following formula for the sum of triangular numbers, attributed to the Hindu 
mathematician Aryabhata (circa 500 A.D.): 


nin + 1)\(n+2 
Fey sy ye ap hg pre ale LD x n>1 


[Hint: Group the terms on the left-hand side in pairs, noting the identity %_, + t% = k?.] 
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. Prove that the square of any odd multiple of 3 is the difference of two triangular numbers; 


specifically, that 


9(2n + 1)? = tons — tans 


. In the sequence of triangular numbers, find the following: 


(a) Two triangular numbers whose sum and difference are also triangular numbers. 
(b) Three successive triangular numbers whose product is a perfect square. 
(c) Three successive triangular numbers whose sum is a perfect square. 


. (a) If the triangular number f, is a perfect square, prove that t4n(,41) is also a square. 


(b) Use part (a) to find three examples of squares that are also triangular numbers. 


. Show that the difference between the squares of two consecutive triangular numbers is 


always a cube. 


. Prove that the sum of the reciprocals of the first n triangular numbers is less than 2; that 
is, 
: aE : a : + : a ede ps 
~+=4+-4+— —< 
1 3 ‘6 10 * 
are B65 1 
[Hint: Observe that aad) = 2(2 = = ).] 
- (a) Establish the identity t, = t, + t,, where 
3 3 


and n > 1, thereby proving that there are infinitely many triangular numbers that are 
the sum of two other such numbers. 

(b) Find three examples of triangular numbers that are sums of two other triangular 
numbers. 

Each of the numbers 


LS 1-24 2S a eed, 22> Lea 710, es. 


represents the number of dots that can be arranged evenly in a pentagon: 


«ae 


The ancient Greeks called these pentagonal numbers. If p, denotes the nth pentagonal 
number, where p; = 1 and pp = Pn; + (3n — 2) forn = 2, prove that 


n(3n — 1) 
PRS n>1 
Forn > 2, verify the following relations between the pentagonal, square, and triangular 
numbers: 
(a) Pn = t—-1 + n? 
(b) Dy = 3h-1+n =2h_1t+th 
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2.2 THE DIVISION ALGORITHM 


We have been exposed to relationships between integers for several pages and, as 
yet, not a single divisibility property has been derived. It is time to remedy this 
situation. One theorem, the Division Algorithm, acts as the foundation stone upon 
which our whole development rests. The result is familiar to most of us; roughly, it 
asserts that an integer a can be “divided” by a positive integer b in such a way that 
the remainder is smaller than is b. The exact statement of this fact is Theorem 2.1. 


Theorem 2.1 Division Algorithm. Given integers a and b, with b > 0, there exist 
unique integers g and r satisfying 


a=qb+r O<r<b 
The integers qg and r are called, respectively, the quotient and remainder in the division 
of a by b. 
Proof. We begin by proving that the set 
S = {a — xb|x an integer; a — xb > 0} 


is nonempty. To do this, it suffices to exhibit a value of x making a — xb nonnegative. 
Because the integer b > 1, we have |a|b > |a|, and so 


a—(—|a|)b=a+ |a|b>a+|a|=0 


For the choice x = —|a |, then, a — xb lies in S. This paves the way for an application 
of the Well-Ordering Principle (Chapter 1), from which we infer that the set S contains 
a smallest integer; call itr. By the definition of S, there exists an integer q satisfying 


r=a-—qb O<r 
We argue that r < b. If this were not the case, thenr > b and 
a—(q+1)b=(a-—qb)-—b=r-—-b=0 


The implication is that the integer a — (¢ + 1)b has the proper form to belong to the 
set S. Buta — (q + 1)b = r — b <r, leading to a contradiction of the choice of r as 
the smallest member of S. Hence, r < b. 

Next we turn to the task of showing the uniqueness of g andr. Suppose that a has 
two representations of the desired form, say, 


a=qb+r=qdb+r' 


where 0 < r < b,0 <r’ <b. Thenr’ —r = bq — q’) and, owing to the fact that the 
absolute value of a product is equal to the product of the absolute values, 


lr’ —rl|=blq-q'| 


Upon adding the two inequalities —b <-—r<0O and O<r' <b, we obtain 
—b <r’ —r <b or, in equivalent terms, |r’ —r| < b. Thus, b| gq — q'| < b, which 
yields 

O<|q-q'|<1 


Because |q — q’ | is a nonnegative integer, the only possibility is that |q — q’| = 0, 
whence qg = q’; this, in turn, gives r = r’, ending the proof. 
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A more general version of the Division Algorithm is obtained on replacing the 
restriction that b must be positive by the simple requirement that b ¥ 0. 


Corollary. If a and b are integers, with b 0, then there exist unique integers q and 
r such that 
a=qb+r O<r<|b| 
Proof. It is enough to consider the case in which b is negative. Then |b| > 0, and 
Theorem 2.1 produces unique integers g’ and r for which 
a=q'|b\|+r O0<r<|b| 
Noting that | b | = —b, wemaytakeg = —q’ toarriveata = qb +r,withO <r < |b|. 


To illustrate the Division Algorithm when b < 0, let us take b = —7. Then, for 
the choices of a = 1, —2, 61, and —59, we obtain the expressions 


1=0(-7)+1 
By Yee | eg) ne 
61 = (-8)(-7) +5 
—59 = 9(-7) +4 


We wish to focus our attention on the applications of the Division Algorithm, 
and not so much on the algorithm itself. As a first illustration, note that with b = 2 
the possible remainders are r = 0 andr = 1. Whenr = 0, the integer a has the form 
a = 2q and is called even; whenr = 1, the integer a has the forma = 2g + 1 andis 
called odd. Now a? is either of the form (2q¢)* = 4k or (2g + 1% = 4(q7+q)+1= 
4k + 1. The point to be made is that the square of an integer leaves the remainder 0 
or 1 upon division by 4. 

We also can show the following: the square of any odd integer is of the form 
8k + 1. For, by the Division Algorithm, any integer is representable as one of the 
four forms: 4q, 4q + 1, 4q + 2, 4q + 3. In this classification, only those integers of 
the forms 4q + 1 and 4qg + 3 are odd. When the latter are squared, we find that 


(4g +1" = 82q7+q4)+1=8k +1 
and similarly 
(4g + 3)? = 8(2q7 + 3g +1)+1=8k4+1 


As examples, the square of the odd integer 7 is 77 = 49 = 8-6 + 1, and the square 
of 13 is 137 = 169 = 8-21 +1. 

As these remarks indicate, the advantage of the Division Algorithm is that it 
allows us to prove assertions about all the integers by considering only a finite 
number of cases. Let us illustrate this with one final example. 


Example 2.1. We propose to show that the expression a(a? + 2)/3 is an integer for 
all a > 1. According to the Division Algorithm, every a is of the form 3q¢, 3g + 1, or 
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3q + 2. Assume the first of these cases. Then 
a(a* + 2) 
3 
which clearly is an integer. Similarly, if a = 3q + 1, then 
(3q + 1)((3q + 1)? + 2) 
3 
and a(a? + 2)/3 is an integer in this instance also. Finally, for a = 3g + 2, we obtain 
(3q + 2)((3q + 2)? + 2) 
3 
an integer once more. Consequently, our result is established in all cases. 


= q(9q? + 2) 


= (3g + 1)(3q7 + 2¢ +1) 


= (3g + 2)(3q7 + 4g + 2) 


PROBLEMS 2.2 


1. 


2. 
Je 


SN 


9. 


10. 
11. 


Prove that if a and b are integers, with b > 0, then there exist unique integers gq and r 
satisfying a = qb +r, where 2b <r < 3b. 

Show that any integer of the form 6k + 5 is also of the form 37 + 2, but not conversely. 
Use the Division Algorithm to establish the following: 

(a) The square of any integer is either of the form 3k or 3k + 1. 

(b) The cube of any integer has one of the forms: 9k, 9k + 1, or 9k + 8. 

(c) The fourth power of any integer is either of the form 5k or 5k + 1. 


. Prove that 3a” — 1 is never a perfect square. 


[Hint: Problem 3(a).] 


. Forn > 1, prove that n(n + 1)(2n + 1)/6 is an integer. 


[Hint: By the Division Algorithm, n has one of the forms 6k, 6k + 1, ..., 6k + 5; estab- 
lish the result in each of these six cases. ] 


. Show that the cube of any integer is of the form 7k or 7k + 1. 
. Obtain the following version of the Division Algorithm: For integers a and b, withb + 0, 


there exist unique integers g and r that satisfy a = gb +r, where —3| b|<r< Al b|. 
[Hint: First writea = q’b +r’, whereO <r’ < |b|.When0 <r’ < 5|b|, letr =r’ and 
q = q'; when 5|D| <r’ <|b|,letr =r’ —|b|andq =q'+1ifb>0Oorg=q'-1 
ifb < 0.] 


. Prove that no integer in the following sequence is a perfect square: 


Dye a A 
[Hint: A typical term 111 ---111 can be written as 
111---111 =111---108+3 = 4k + 3.] 


Verify that if an integer is simultaneously a square and a cube (as is the case with 
64 = 8% = 43), then it must be either of the form 7k or 7k + 1. 

For n > 1, establish that the integer n(7n? + 5) is of the form 6k. 

If n is an odd integer, show that n* + 4n? + 11 is of the form 16k. 


2.3 THE GREATEST COMMON DIVISOR 


Of special significance is the case in which the remainder in the Division Algorithm 
turns out to be zero. Let us look into this situation now. 
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Definition 2.1. An integer b is said to be divisible by an integer a 4 0, in symbols 
a |b, if there exists some integer c such that b = ac. We write a J b to indicate that b 
is not divisible by a. 


Thus, for example, —12 is divisible by 4, because —12 = 4(—3). However, 10 
is not divisible by 3; for there is no integer c that makes the statement 10 = 3c true. 

There is other language for expressing the divisibility relation a |b. We could 
say that a is a divisor of b, that a is a factor of b, or that b is a multiple of a. Notice 
that in Definition 2.1 there is a restriction on the divisor a: whenever the notation 
a |b is employed, it is understood that a is different from zero. 

If a is a divisor of b, then b is also divisible by —a (indeed, b = ac implies that 
b = (—a)(—c)), so that the divisors of an integer always occur in pairs. To find all 
the divisors of a given integer, it is sufficient to obtain the positive divisors and then 
adjoin to them the corresponding negative integers. For this reason, we shall usually 
limit ourselves to a consideration of positive divisors. 

It will be helpful to list some immediate consequences of Definition 2.1. (The 
reader is again reminded that, although not stated, divisors are assumed to be 
nonzero.) 


Theorem 2.2. For integers a, b, c, the following hold: 


(a) a|0,1l|a,ala. 

(b) a|1if and only ifa = +1. 

(c) Ifa|b and c|d, then ac | bd. 

(d) Ifa|bandb|c, thena |c. 

(e) a|b and b| a if and only if a = +b. 

(f) Ifa|b andb F 0, then |a| < |D|. 

(g) Ifa|b anda|c, then a |(bx + cy) for arbitrary integers x and y. 


Proof. We shall prove assertions (f) and (g), leaving the other parts as an exercise. If 
a|b, then there exists an integer c such that b = ac; also, b # 0 implies that c # 0. 
Upon taking absolute values, we get |b | = |ac| = |a||c|. Becausec + 0, it follows 
that |c| > 1, whence |b| = |a||c| > lal. 

As regards (g), the relations a|b and a|c ensure that b = ar and c = as for 
suitable integers r and s. But then whatever the choice of x and y, 


bx + cy =arx +asy =a(rx+sy) 


Because rx + sy is an integer, this says that a | (bx + cy), as desired. 


It is worth pointing out that property (g) of Theorem 2.2 extends by induction 
to sums of more than two terms. That is, if a | b, fork = 1,2,...,n, then 


a | (dix + box2 + +++ + byXn) 


for all integers x;, x2,..., X,. The few details needed for the proof are so straight- 
forward that we omit them. 

If a and b are arbitrary integers, then an integer d is said to be a common 
divisor of a and b if both d|a and d|b. Because 1 is a divisor of every integer, 
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1 is acommon divisor of a and b; hence, their set of positive common divisors is 
nonempty. Now every integer divides zero, so that if a = b = 0, then every integer 
serves as acommon divisor of a and b. In this instance, the set of positive common 
divisors of a and b is infinite. However, when at least one of a or b is different from 
zero, there are only a finite number of positive common divisors. Among these, there 
is a largest one, called the greatest common divisor of a and b. We frame this as 
Definition 2.2. 


Definition 2.2. Let a and b be given integers, with at least one of them different from 
zero. The greatest common divisor of a and b, denoted by gcd(a, b), is the positive 
integer d satisfying the following: 


(a) d|a andd |b. 
(b) Ifc|aandc|b, thenc < d. 


Example 2.2. The positive divisors of —12 are 1, 2, 3, 4, 6, 12, whereas those of 30 
are 1, 2, 3, 5, 6, 10, 15, 30; hence, the positive common divisors of —12 and 30 are 1, 
2, 3, 6. Because 6 is the largest of these integers, it follows that gcd(—12, 30) = 6. In 
the same way, we can show that 


gcd(—5, 5) = 5 gcd(8, 17) = 1 gcd(—8, —36) = 4 
The next theorem indicates that gcd(a, b) can be represented as a linear combi- 


nation of a and b. (By a linear combination of a and b, we mean an expression of 
the form ax + by, where x and y are integers.) This is illustrated by, say, 


gcd(—12, 30) = 6 = (-12)2+ 30-1 
or 
gcd(—8, —36) = 4 = (—8)4 + (—36)(-1) 
Now for the theorem. 
Theorem 2.3. Given integers a and b, not both of which are zero, there exist integers 
x and y such that 


gcd(a, b) = ax + by 


Proof. Consider the set S of all positive linear combinations of a and b: 
S = {au + bv |au + by > 0;u, v integers} 


Notice first that S is not empty. For example, ifa # 0, then the integer|a| = au+b-0 
lies in S, where we choose u = 1 or u = —1 according as a is positive or negative. 
By virtue of the Well-Ordering Principle, S must contain a smallest element d. Thus, 
from the very definition of S, there exist integers x and y for which d = ax + by. We 
claim that d = gcd(a, b). 
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Taking stock of the Division Algorithm, we can obtain integers g and such that 
a =qd-+r, where 0 <r < d. Thenr can be written in the form 


r=a-—qd=a-—q(ax +by) 
= a(1 — qx) + b(—qy) 

If r were positive, then this representation would imply that r is a member of S, 
contradicting the fact that d is the least integer in S (recall that r < d). Therefore, 
r = 0, and so a = qd, or equivalently d|a. By similar reasoning, d | b, the effect of 
which is to make d a common divisor of a and b. 

Now if c is an arbitrary positive common divisor of the integers a and b, then part 
(g) of Theorem 2.2 allows us to conclude that c | (ax + by); that is, c | d. By part (f) of 


the same theorem, c = |c | < |d| = d, so thatd is greater than every positive common 
divisor of a and b. Piecing the bits of information together, we see thatd = gcd(a, b). 


It should be noted that the foregoing argument is merely an “existence” proof 
and does not provide a practical method for finding the values of x and y. This will 
come later. 

A perusal of the proof of Theorem 2.3 reveals that the greatest common divisor 
of a and b may be described as the smallest positive integer of the form ax + by. 
Consider the case in which a = 6 and b = 15. Here, the set S becomes 


S = {6(—2) + 15-1, 6(—1) 4+ 15-1,6-14+15-0,...} 
Sa os Ot} 


We observe that 3 is the smallest integer in S, whence 3 = gcd(6, 15). 
The nature of the members of S appearing in this illustration suggests another 
result, which we give in the next corollary. 
Corollary. If a and b are given integers, not both zero, then the set 
T = {ax + by|x, y are integers} 
is precisely the set of all multiples of d = gcd(a, b). 
Proof. Because d | a and d |b, we know that d | (ax + by) for all integers x, y. Thus, 


every member of T is a multiple of d. Conversely, d may be written as d = axo + byo 
for suitable integers xp and yo, so that any multiple nd of d is of the form 


nd = n(axo + byo) = a(nxo) + b(nyo) 
Hence, nd is a linear combination of a and b, and, by definition, lies in T. 
It may happen that 1 and —1 are the only common divisors of a given pair of 
integers a and b, whence gcd(a, b) = 1. For example: 
gced(2, 5) = gced(—9, 16) = gcd(—27, —35) = 1 
This situation occurs often enough to prompt a definition. 


Definition 2.3. Two integers a and b, not both of which are zero, are said to be relatively 
prime whenever gcd(a, b) = 1. 
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The following theorem characterizes relatively prime integers in terms of linear 
combinations. 


Theorem 2.4. Let a and b be integers, not both zero. Then a and b are relatively prime 
if and only if there exist integers x and y such that 1 = ax + by. 


Proof. If a and b are relatively prime so that gcd(a, b) = 1, then Theorem 2.3 guar- 
antees the existence of integers x and y satisfying 1 = ax + by. As for the converse, 
suppose that 1 = ax + by for some choice of x and y, and thatd = gcd(a, b). Because 
d|aandd|b, Theorem 2.2 yields d | (ax + by), or d | 1. Inasmuch as d is a positive 
integer, this last divisibility condition forces d to equal 1 (part (b) of Theorem 2.2 plays 
a role here), and the desired conclusion follows. 


This result leads to an observation that is useful in certain situations; namely, 
Corollary 1. If gcd(a, b) = d, then gcd(a/d, b/d) = 1. 


Proof. Before starting with the proof proper, we should observe that although a/d and 
b/d have the appearance of fractions, in fact, they are integers because d is a divisor 
both of a and of b. Now, knowing that gcd(a, b) = d, it is possible to find integers x 
and y such that d = ax + by. Upon dividing each side of this equation by d, we obtain 


the expression 
a b 
1=(5)+ (5) 4 


Because a/d and b/d are integers, an appeal to the theorem is legitimate. The conclu- 
sion is that a/d and b/d are relatively prime. 


For an illustration of the last corollary, let us observe that gcd(—12, 30) = 6 and 
gcd(—12/6, 30/6) = gced(—2, 5) = 1 


as it should be. 

It is not true, without adding an extra condition, that a | c and b| c together give 
ab | c. For instance, 6 | 24 and 8 | 24, but6-8 / 24. If 6 and 8 were relatively prime, 
of course, this situation would not arise. This brings us to Corollary 2. 


Corollary 2. If a|c and b|c, with gcd(a, b) = 1, then ab|c. 


Proof. Inasmuch as a | c and b | c, integers r and s can be found such that c = ar = bs. 
Now the relation gcd(a, b) = 1 allows us to write 1 = ax + by for some choice of 
integers x and y. Multiplying the last equation by c, it appears that 


c=c:l=c(ax + by) =acx + bey 
If the appropriate substitutions are now made on the right-hand side, then 
c = a(bs)x + b(ar)y = ab(sx + ry) 


or, as a divisibility statement, ab |c. 
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Our next result seems mild enough, but is of fundamental importance. 
Theorem 2.5 Euclid’s lemma. If a | bc, with gcd(a, b) = 1, thena|c. 


Proof. We start again from Theorem 2.3, writing 1 = ax + by, where x and y are 
integers. Multiplication of this equation by c produces 


c=1-c=(ax+by)c =acx + bey 


Because a | ac and a | bc, it follows that a | (acx + bcy), which can be recast as a | c. 


If a and b are not relatively prime, then the conclusion of Euclid’s lemma may 
fail to hold. Here is a specific example: 12|9-8, but 12 4 9 and 12 / 8. 

The subsequent theorem often serves as a definition of gcd(a, b). The advantage 
of using it as a definition is that order relationship is not involved. Thus, it may be 
used in algebraic systems having no order relation. 


Theorem 2.6. Let a, b be integers, not both zero. For a positive integer d, 
d = gcd(a, b) if and only if 


(a) d|aandd|b. 
(b) Whenever c |a and c|b, then c | d. 


Proof. To begin, suppose that d = gcd(a, b). Certainly, d|a and d |b, so that (a) 
holds. In light of Theorem 2.3, d is expressible as d = ax + by for some integers x, y. 
Thus, if c|a@ and c|b, then c | (ax + by), or rather c | d. In short, condition (b) holds. 
Conversely, let d be any positive integer satisfying the stated conditions. Given any 
common divisor c of a and b, we have c|d from hypothesis (b). The implication is 
that d > c, and consequently d is the greatest common divisor of a and b. 


PROBLEMS 2.3 


1. If a |b, show that (—a) |b, a | (—b), and (—a) | (—b). 
2. Given integers a, b, c, d, verify the following: 
(a) If a|b, then a | be. 
(b) Ifa|b and a|c, then a? | be. 
(c) a|b if and only if ac | bc, where c # 0. 
(d) If a|b and c|d, then ac | bd. 
3. Prove or disprove: If a|(b + c), then either a|b ora|c. 
4. For n > 1, use mathematical induction to establish each of the following divisibility 
statements: 
(a) 8|5% +7. 
[Hint: PC+D +7 = 525% 4.7) + (7 — 5? -7).] 
(b) 15|2” —1. 
(c) 5 | 33n+1 ae gntl 
(d) 21 | 47+! se 52n-1. 
(e) 24|2-7° +3.-5" —5S. 
5. Prove that for any integer a, one of the integers a, a + 2, a + 4 is divisible by 3. 


15. 


16. 


17. 
18. 


19. 


20. 
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. For an arbitrary integer a, verify the following: 


(a) 2|a(a + 1), and 3|a(a + 1)(a + 2). 
(b) 3|a(2a? +7). 
(c) If a is odd, then 32 | (a + 3)(a? +7). 


. Prove that if a and b are both odd integers, then 16| a* + b* — 2. 
. Prove the following: 


(a) The sum of the squares of two odd integers cannot be a perfect square. 
(b) The product of four consecutive integers is 1 less than a perfect square. 


. Establish that the difference of two consecutive cubes is never divisible by 2. 
. For a nonzero integer a, show that gcd(a, 0) = |a |, gcd(a, a) = |a |, and gcd(a, 1) = 1. 
. If a and b are integers, not both of which are zero, verify that 


gcd(a, b) = gcd(—a, b) = gcd(a, —b) = gcd(—a, —b) 


. Prove that, for a positive integer n and any integer a, gcd(a, a + n) divides n; hence, 


gcd(a,a+1)=1. 


. Given integers a and b, prove the following: 


(a) There exist integers x and y for which c = ax + by if and only if gcd(a, b) | c. 
(b) If there exist integers x and y for which ax + by = gcd(a, b), then gcd(x, y) = 1. 


. For any integer a, show the following: 


(a) gcd(2a + 1,9a + 4) = 1. 
(b) gced(5a + 2, 7a + 3) = 1. 
(c) If a is odd, then gcd(3a, 3a + 2) = 1. 
If a and b are integers, not both of which are zero, prove that gcd(2a — 3b, 4a — 5b) 
divides b; hence, gcd(2a + 3, 4a + 5) = 1. 
Given an odd integer a, establish that 
a’+(a+2P+(+4r4+1 

is divisible by 12. 
Prove that the expression (3n)!/(3!)” is an integer for all n > 0. 
Prove: The product of any three consecutive integers is divisible by 6; the product of any 
four consecutive integers is divisible by 24; the product of any five consecutive integers 
is divisible by 120. 
[Hint: See Corollary 2 to Theorem 2.4.] 
Establish each of the assertions below: 
(a) If a is an arbitrary integer, then 6 | a(a? + 11). 
(b) If a is an odd integer, then 24 | a(a? — 1). 

[Hint: The square of an odd integer is of the form 8k + 1.] 
(c) If a and b are odd integers, then 8 | (a? — b?). 
(d) If a is an integer not divisible by 2 or 3, then 24 | (a* + 23). 
(e) If a is an arbitrary integer, then 360 | a?(a* — 1)(a* — 4). 
Confirm the following properties of the greatest common divisor: 
(a) If gcd(a, b) = 1, and gced(a, c) = 1, then gced(a, bc) = 1. 

[Hint: Because 1 = ax + by = au + cv for some x, y, u,v, 

1 = (ax + by)(au + cv) = a(aux + cvx + byu) + bc(yv).] 
(b) If gcd(a, b) = 1, andc |a, then gcd(b, c) = 1. 
(c) If gcd(a, b) = 1, then gced(ac, b) = gcd(c, b). 
(d) If gcd(a, b) = 1, andc|a+), then gcd(a, c) = gcd(b, c) = 1. 

[Hint: Let d = gcd(a, c). Then d | a, d|c implies that d | (a + b) — a, ord |b.] 
(e) If gcd(a, b) = 1, d| ac, andd | bc, thend |c. 
(f) If gcd(a, b) = 1, then gcd(a?, b*) = 1. 

[Hint: First show that gcd(a, b*) = ged(a”, b) = 1.] 
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21. (a) Prove that if d|n, then 2? — 1|2" —1. 
[Hint: Use the identity 
x¥ Jao +x8 7 4---4+44))) 

(b) Verify that 23° — 1 is divisible by 31 and 127. 
22. Let ¢, denote the nth triangular number. For what values of n does ¢, divide the sum 

htit-: +h? 

[Hint: See Problem 1(c), Section 1.1.] 
23. If a | bc, show that a | gcd(a, b) gcd(a, c). 


2.4 THE EUCLIDEAN ALGORITHM 


The greatest common divisor of two integers can be found by listing all their pos- 
itive divisors and choosing the largest one common to each; but this is cumber- 
some for large numbers. A more efficient process, involving repeated application 
of the Division Algorithm, is given in the seventh book of the Elements. Although 
there is historical evidence that this method predates Euclid, today it is referred to 
as the Euclidean Algorithm. 

The Euclidean Algorithm may be described as follows: Let a and b be two inte- 
gers whose greatest common divisor is desired. Because gcd(| a |, | b |) = gced(a, b), 
there is no harm in assuming that a > b > 0. The first step is to apply the Division 
Algorithm to a and b to get 


a=qb+r O<r, <b 
If it happens that 7; = 0, then b| a and gcd(a, b) = b. When r; ¥ 0, divide b by r; 
to produce integers qg2 and r2 satisfying 

b= qr +12 O<n <r 
If r2 = 0, then we stop; otherwise, proceed as before to obtain 

r) = garo +73 O0<7r3<r2 


This division process continues until some zero remainder appears, say, at the 
(n + 1)th stage where r,_; is divided by r, (a zero remainder occurs sooner or 
later because the decreasing sequence b > r; > rp > --- > O cannot contain more 
than b integers). 

The result is the following system of equations: 


a=qb+nr, 0<r, <b 
b= qor+1r2 0<nm <r 
ry = Q@3lat+rs3 0<7r3<1r 


Yn—2 = Qn¥n-1 + Tn Qh Ah 
Vn-1 = Gn4+1ln +0 


We argue that r,, the last nonzero remainder that appears in this manner, is equal to 
gcd(a, b). Our proof is based on the lemma below. 


Lemma. If a = qb +, , then gcd(a, b) = gcd(d, r). 
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Proof. If d= gcd(a,b), then the relations d|a and d|b together imply that 
d|(a— qb), or d|r. Thus, d is a common divisor of both b and r. On the other 
hand, if c is an arbitrary common divisor of b and r, then c|(qb+1r), whence 
c|a. This makes c a common divisor of a and b, so that c < d. It now follows from 
the definition of gcd(b, r) that d = gcd(b, r). 


Using the result of this lemma, we simply work down the displayed system of 
equations, obtaining 


gcd(a, b) = gcd(b, 71) = --- = gcd(7y_1, Mn) = gcd(rn, 0) = 1 


as claimed. 

Theorem 2.3 asserts that gcd(a, b) can be expressed in the form ax + by, but the 
proof of the theorem gives no hint as to how to determine the integers x and y. For 
this, we fall back on the Euclidean Algorithm. Starting with the next-to-last equation 
arising from the algorithm, we write 


Tn = Tn-2 — Qnln-1 
Now solve the preceding equation in the algorithm for r,_; and substitute to obtain 


Yn = Vn-2 — Gallus a Gn—1Tn-2) 
7 ! se QnQn-1)1n—2 ale (=dn)Fn—3 


This represents 7, as a linear combination of r,_2 and r,_3. Continuing backward 
through the system of equations, we successively eliminate the remainders r,_1, 
In—2,-+--+,12,11 until a stage is reached where r, = gcd(a, b) is expressed as a linear 
combination of a and b. 


Example 2.3. Let us see how the Euclidean Algorithm works in a concrete case 
by calculating, say, gcd(12378, 3054). The appropriate applications of the Division 
Algorithm produce the equations 


12378 = 4- 3054 + 162 
3054 = 18 - 162 + 138 
162 = 1- 138+ 24 
138 =5-24+ 18 
24=1-18+6 
18 =3-6+0 


Our previous discussion tells us that the last nonzero remainder appearing in these 
equations, namely, the integer 6, is the greatest common divisor of 12378 and 3054: 


6 = gced(12378, 3054) 


To represent 6 as a linear combination of the integers 12378 and 3054, we start with 
the next-to-last of the displayed equations and successively eliminate the remainders 
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18, 24, 138, and 162: 


6= 24-18 
= 24 — (138 — 5 - 24) 
= 6-24 — 138 
= 6(162 — 138) — 138 
= 6-162 —7- 138 
= 6- 162 — 7(3054 — 18 - 162) 
= 132-162 —7- 3054 
= 132(12378 — 4 - 3054) — 7 - 3054 
= 132 - 12378 + (—535)3054 


Thus, we have 
6 = gcd(12378, 3054) = 12378x + 3054y 


where x = 132 and y = —535. Note that this is not the only way to express the integer 
6 as a linear combination of 12378 and 3054; among other possibilities, we could add 
and subtract 3054 - 12378 to get 


6 = (132 + 3054)12378 + (—535 — 12378)3054 
= 3186 - 12378 + (—12913)3054 


The French mathematician Gabriel Lamé (1795-1870) proved that the number 
of steps required in the Euclidean Algorithm is at most five times the number of 
digits in the smaller integer. In Example 2.3, the smaller integer (namely, 3054) 
has four digits, so that the total number of divisions cannot be greater than 20; in 
actuality only six divisions were needed. Another observation of interest is that for 
each n > 0, it is possible to find integers a, and b, such that exactly n divisions are 
required to compute gcd(a,, b,) by the Euclidean Algorithm. We shall prove this 
fact in Chapter 14. 

One more remark is necessary. The number of steps in the Euclidean Algorithm 
usually can be reduced by selecting remainders r;,, such that | 7,41 | < 7,/2, that is, 
by working with least absolute remainders in the divisions. Thus, repeating Example 
2.3, it is more efficient to write 


12378 = 4 - 3054 + 162 
3054 = 19 - 162 — 24 
162 =7-24-6 
24 = (—4)(—6) + 0 
As evidenced by this set of equations, this scheme is apt to produce the negative of 
the value of the greatest common divisor of two integers (the last nonzero remainder 


being —6), rather than the greatest common divisor itself. 
An important consequence of the Euclidean Algorithm is the following theorem. 


Theorem 2.7. If k > 0, then gcd(ka, kb) = k gcd(a, b). 
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Proof. If each of the equations appearing in the Euclidean Algorithm for a and b (see 
page 28) is multiplied by k, we obtain 

ak = q\(bk) +r,k O<r,k < bk 

bk = qo(r1k) + rok 0 < rok < rk 


Tn-2K = Gn(Tn-1k) + rnk =O < rk < ry_-1k 
Tn-1K = Gn+i(tnk) + 0 


But this is clearly the Euclidean Algorithm applied to the integers ak and bk, so that 
their greatest common divisor is the last nonzero remainder r,,k; that is, 


gcd(ka, kb) = r,k = k gcd(a, b) 


as stated in the theorem. 
Corollary. For any integer k 4 0, gcd(ka, kb) = |k | gcd(a, b). 


Proof. It suffices to consider the case in which k < 0. Then —k = |k| > 0 and, by 
Theorem 2.7, 


ecd(ak, bk) = gcd(—ak, —bk) 
= gcd(a | k|, b| k]) 
= |k| ged(a, b) 


An alternate proof of Theorem 2.7 runs very quickly as follows: gcd(ak, bk) is 
the smallest positive integer of the form (ak)x + (bk)y, which, in turn, is equal to 
k times the smallest positive integer of the form ax + by; the latter value is equal to 
k gcd(a, b). 

By way of illustrating Theorem 2.7, we see that 


gcd(12, 30) = 3 gcd(4, 10) = 3 - 2 gcd(2,5) = 6-1=6 


There is a concept parallel to that of the greatest common divisor of two integers, 
known as their least common multiple; but we shall not have much occasion to make 
use of it. An integer c is said to be a common multiple of two nonzero integers a 
and b whenever a |c and b| c. Evidently, zero is a common multiple of a and b. To 
see there exist common multiples that are not trivial, just note that the products ab 
and —(ab) are both common multiples of a and b, and one of these is positive. By 
the Well-Ordering Principle, the set of positive common multiples of a and b must 
contain a smallest integer; we call it the least common multiple of a and b. 

For the record, here is the official definition. 


Definition 2.4. The least common multiple of two nonzero integers a and b, denoted 
by Icm(a, b), is the positive integer m satisfying the following: 


(a) a|m and b|m. 
(b) Ifa|candb|c, withc > 0, thenm <c. 


30 ELEMENTARY NUMBER THEORY 


As an example, the positive common multiples of the integers —12 and 30 are 
60, 120, 180, ...; hence, Icm(—12, 30) = 60. 

The following remark is clear from our discussion: given nonzero integers a 
and b, lcm(a, b) always exists and Icm(a, b) < |ab|. 

We lack a relationship between the ideas of greatest common divisor and least 
common multiple. This gap is filled by Theorem 2.8. 


Theorem 2.8. For positive integers a and b 


gcd(a, b) |lcm(a, b) = ab 


Proof. To begin, put d = gcd(a, b) and write a = dr, b = ds for integers r and s. If 
m = ab/d, then m = as = rb, the effect of which is to make m a (positive) common 
multiple of a and b. 

Now let c be any positive integer that is a common multiple of a and b; say, 
for definiteness, c = au = bv. As we know, there exist integers x and y satisfying 
d = ax + by. In consequence, 


c cd c(ax+by) c c 
aner pee i ane ee (~)x+(<)y sve +uy 
b a 
This equation states that m | c, allowing us to conclude that m < c. Thus, in accordance 
with Definition 2.4, m = lcm(a, b); that is, 


m ab ab 


(eae, ab ab 
cm(a, b) = — = ———~ 
d  gcd(a, b) 


which is what we started out to prove. 
Theorem 2.8 has a corollary that is worth a separate statement. 


Corollary. For any choice of positive integers a and b, lcm(a, b) = ab if and only if 
gcd(a, b) = 1. 


Perhaps the chief virtue of Theorem 2.8 is that it makes the calculation of the 
least common multiple of two integers dependent on the value of their greatest 
common divisor—which, in turn, can be calculated from the Euclidean Algorithm. 
When considering the positive integers 3054 and 12378, for instance, we found that 
gcd(3054, 12378) = 6; whence, 


3054 - 12378 
Icm(3054, 12378) = = 6300402 


Before moving on to other matters, let us observe that the notion of greatest 
common divisor can be extended to more than two integers in an obvious way. In the 
case of three integers, a, b, c, not all zero, gcd(a, b, c) is defined to be the positive 
integer d having the following properties: 


(a) d is a divisor of each of a, b, c. 
(b) If e divides the integers a, b, c, then e < d. 
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We cite two examples: 


gcd(39, 42,54) = 3 and gcd(49, 210, 350) = 7 


The reader is cautioned that it is possible for three integers to be relatively prime as 
a triple (in other words, gcd(a, b, c) = 1), yet not relatively prime in pairs; this is 
brought out by the integers 6, 10, and 15. 


PROBLEMS 2.4 


1. 
2. 


N 


10. 


11. 


Find gcd(143, 227), gcd(306, 657), and gcd(272, 1479). 

Use the Euclidean Algorithm to obtain integers x and y satisfying the following: 
(a) gcd(56, 72) = 56x + 72y. 

(b) gcd(24, 138) = 24x + 138y. 

(c) gcd(119, 272) = 119x + 272y. 

(d) gcd(1769, 2378) = 1769x + 2378y. 


. Prove that if d is a common divisor of a and b, then d = gcd(a, b) if and only if 


gcd(a/d, b/d) = 1. 
[Hint: Use Theorem 2.7.] 


. Assuming that gcd(a, b) = 1, prove the following: 


(a) gcd(a + b,a — b) = 1 or?2. 
[Hint: Let d = gcd(a+b,a—b) and show that d|2a, d|2b, and thus that 
d < gcd(2a, 2b) = 2 gcd(a, b).] 
(b) gcd(2a + b,a + 2b) = 1 or3. 
(c) ged(a + b, a* + b*) = 1 or2. 
[Hint: a? + b? = (a + b)(a — b) + 2b7.] 
(d) gcd(a + b, a? — ab + b*) = 1 or3. 
[Hint: a — ab +. b* = (a +b)? — 3ab_] 


. Forn > 1, and positive integers a, b, show the following: 


(a) If gcd(a, b) = 1, then gcd(a”, b”) = 1. 
[Hint: See Problem 20(a), Section 2.2. ] 

(b) The relation a” |b” implies that a | b. 
[Hint: Put d = gcd(a, b) and writea = rd, b = sd, where gcd(r, s) = 1. By part (a), 
gcd(r”, s”) = 1. Show that r = 1, whence a = d.] 


. Prove that if gcd(a, b) = 1, then gcd(a + b, ab) = 1. 
. For nonzero integers a and b, verify that the following conditions are equivalent: 


(a) a|b. 
(b) ged(a, b) = |a|. 
(c) Iem(a, b) = |b|. 


. Find lem(143, 227), lcm(306, 657), and lcm(272, 1479). 
. Prove that the greatest common divisor of two positive integers divides their least common 


multiple. 

Given nonzero integers a and J, establish the following facts concerning Icm(a, b): 

(a) gcd(a, b) = Icm(a, b) if and only ifa = +b. 

(b) If k > O, then lcm(ka, kb) = k Icm(a, b). 

(c) If m is any common multiple of a and b, then lcm(a, b) | m. 
[Hint: Putt = lcm(a, b) and use the Division Algorithm to writem = gt + r, where 
0 <r <t. Show that r is acommon multiple of a and D.] 

Let a, b, c be integers, no two of which are zero, and d = gcd(a, b, c). Show that 


d = gcd(gcd(a, b), c) = gcd(a, gcd(b, c)) = gced(gced(a, c), b) 
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12. Find integers x, y, z satisfying 
gcd(198, 288, 512) = 198x + 288y + 512z 


[Hint: Put d = gcd(198, 288). Because gcd(198, 288, 512) = gcd(d, 512), first find 
integers u and v for which gcd(d, 512) = du + 512v.] 


2.5 THE DIOPHANTINE EQUATION ax + by =c 


We now change focus somewhat and take up the study of Diophantine equations. 
The name honors the mathematician Diophantus, who initiated the study of such 
equations. Practically nothing is known of Diophantus as an individual, save that 
he lived in Alexandria sometime around 250 A.D. The only positive evidence as to 
the date of his activity is that the Bishop of Laodicea, who began his episcopate in 
270, dedicated a book on Egyptian computation to his friend Diophantus. Although 
Diophantus’s works were written in Greek and he displayed the Greek genius for the- 
oretical abstraction, he was most likely a Hellenized Babylonian. The only personal 
particulars we have of his career come from the wording of an epigram-problem 
(apparently dating from the 4th century): his boyhood lasted 1/6 of his life; his beard 
grew after 1/12 more; after 1/7 more he married, and his son was born 5 years later; 
the son lived to half his father’s age and the father died 4 years after his son. If x 
was the age at which Diophantus died, these data lead to the equation 


1 1 1 1 

eat Ta ae ae 
with solution x = 84. Thus, he must have reached an age of 84, but in what year or 
even in what century is not certain. 

The great work upon which the reputation of Diophantus rests is his Arithmetica, 
which may be described as the earliest treatise on algebra. Only six books of the 
original thirteen have been preserved. It is in the Arithmetica that we find the first 
systematic use of mathematical notation, although the signs employed are of the 
nature of abbreviations for words rather than algebraic symbols in the sense with 
which we use them today. Special symbols are introduced to represent frequently 
occurring concepts, such as the unknown quantity in an equation and the different 
powers of the unknown up to the sixth power; Diophantus also had a symbol to 
express subtraction, and another for equality. 

The part of the Arithmetica that has come down to us consists of some 200 
problems, which we could now express as equations, together with their worked- 
out solutions in specific numbers. Considerable attention was devoted to problems 
involving squares or cubes. Even for problems with infinitely many solutions, Dio- 
phantus was content with finding just one. Solutions were usually given in terms 
of positive rational numbers, sometimes admitting positive integers; there was no 
notion at that time of negative numbers as mathematical entities. 

Although the Arvithmetica does not fall into the realm of number theory, which 
involves properties of the integers, it nevertheless gave great impetus to subsequent 
European development of the subject. In the mid-17th century, the French mathe- 
matician Pierre de Fermat acquired a Latin translation of the rediscovered books of 
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Diophantus’s treatise. Fermat embarked on a careful study of its solution techniques, 
looking for integral solutions to replace the rational ones of Diophantus and opening 
up new paths at which the Avithmetica only hinted. As an example, one problem 
asked the following: find four numbers such that the product of any two, increased 
by 1, is a square. Diophantus’s methods had led him to the set i 33 8 ae but 
Fermat produced the four positive integers 1, 3, 8, 120. (Another set is 3, 8, 21, 
2081.) 

The Arithmetica became a treasure trove for later number theorists. Through 
the years, mathematicians have been intrigued by such problems, extending and 
generalizing them in one way and another. Consider, for instance, Diophantus’s 
problem of finding three numbers such that the product of any two, increased by 
the sum of the same two, is a square. In the 18th century, Leonhard Euler treated 
the same problem with four numbers; and recently a set of five numbers with the 
indicated property has been found. To this day the Arithmetica remains a source of 
inspiration to number theorists. 

It is customary to apply the term Diophantine equation to any equation in one or 
more unknowns that is to be solved in the integers. The simplest type of Diophantine 
equation that we shall consider is the linear Diophantine equation in two unknowns: 


ax+by=c 


where a, b, c are given integers and a, b are not both zero. A solution of this equation 
is a pair of integers xo, yo that, when substituted into the equation, satisfy it; that is, 
we ask that axo + byo = c. Curiously enough, the linear equation does not appear 
in the extant works of Diophantus (the theory required for its solution is to be found 
in Euclid’s Elements), possibly because he viewed it as trivial; most of his problems 
deal with finding squares or cubes with certain properties. 

A given linear Diophantine equation can have a number of solutions, as is the 
case with 3x + 6y = 18, where 


3<446-1 = 18 
3(-6) + 6-6 = 18 
3.104 6(=2):= 18 


By contrast, there is no solution to the equation 2x + 10y = 17. Indeed, the left-hand 
side is an even integer whatever the choice of x and y, whereas the right-hand side is 
not. Faced with this, it is reasonable to enquire about the circumstances under which 
a solution is possible and, when a solution does exist, whether we can determine all 
solutions explicitly. 

The condition for solvability is easy to state: the linear Diophantine equation 
ax + by = cadmitsa solution if and only ifd | c, whered = gcd(a, b). We know that 
there are integers r and s for which a = dr and b = ds. Ifasolution of ax + by =c 
exists, so that axp + byo = c for suitable xp and yo, then 


c = axon + by = drxp + dsyo = d(rxo0 + Syo) 


which simply says that d|c. Conversely, assume that d|c, say c = dt. Using 
Theorem 2.3, integers xo and yo can be found satisfying d = axp + byo. When 
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this relation is multiplied by t, we get 
Cc = dt = (axo + byo)t = a(txo) + b(tyo) 


Hence, the Diophantine equation ax + by = c has x = txo and y = tyo as a partic- 
ular solution. This proves part of our next theorem. 


Theorem 2.9. The linear Diophantine equation ax + by = c has a solution if and only 
if d|c, where d = gcd(a, b). If xo, yo is any particular solution of this equation, then 
all other solutions are given by 


Pe Ray (=): 
=m = =y—-{- 
0 d | eee d 
where ¢ is an arbitrary integer. 
Proof. To establish the second assertion of the theorem, let us suppose that a solution 
Xo, yo of the given equation is known. If x’, y’ is any other solution, then 

axy + byy = c = ax'+ by’ 
which is equivalent to 

a(x’ — xo) = b(yo — y’) 


By the corollary to Theorem 2.4, there exist relatively prime integers r and s such that 
a = dr,b = ds. Substituting these values into the last-written equation and canceling 
the common factor d, we find that 


r(x’ — xo) = s(yo — y’) 


The situation is now this: r | s(yo — y’), with gcd(r, s) = 1. Using Euclid’s lemma, it 
must be the case that r | (yp — y’); or, in other words, yo — y’ = rt for some integer f. 
Substituting, we obtain 


x’ — x9 = st 


This leads us to the formulas 


pomtacns(d 
=Xo9 + St =Xo + 7 t 


pee pene pene 
Se ana Sk a (or I 


It is easy to see that these values satisfy the Diophantine equation, regardless of the 
choice of the integer f; for 


ax' + by! =a E 4: (2) | +b] yo = (5) | 


Ganetb yd ab ab : 
= (ax Si 
0 YO d d 
=c+0-t 
=c 
Thus, there are an infinite number of solutions of the given equation, one for each value 
of ft. 
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Example 2.4. Consider the linear Diophantine equation 
172x + 20y = 1000 
Applying the Euclidean’s Algorithm to the evaluation of gcd(172, 20), we find that 
172 = 8-204 12 


20 =1-12+8 
[Sages 
8-2-4 


whence gcd(172, 20) = 4. Because 4 | 1000, a solution to this equation exists. To obtain 
the integer 4 as a linear combination of 172 and 20, we work backward through the 
previous calculations, as follows: 


4= 128 
= 12— (20-12) 
= 2-12: =20 


= 2(172 — 8 - 20) — 20 
= 2112 17) 20 
Upon multiplying this relation by 250, we arrive at 
1000 = 250- 4 = 250[2 - 172 + (—17)20] 
= 500 - 172 + (—4250)20 


so that x = 500 and y = —4250 provide one solution to the Diophantine equation in 
question. All other solutions are expressed by 


x = 500 + (20/4)t = 500 + 5t 
y = —4250 — (172/4)t = —4250 — 43t 
for some integer f. 


A little further effort produces the solutions in the positive integers, if any happen 
to exist. For this, f must be chosen to satisfy simultaneously the inequalities 


5t +500 > 0 — 43t — 4250 > 0 
or, what amounts to the same thing, 
36 
rT >t > -—100 


Because t must be an integer, we are forced to conclude that t = —99. Thus, our 
Diophantine equation has a unique positive solution x = 5, y = 7 corresponding to 
the value t = —99. 


It might be helpful to record the form that Theorem 2.9 takes when the coeffi- 


cients are relatively prime integers. 


Corollary. If gcd(a, b) = 1 and if xo, yo is a particular solution of the linear Diophan- 
tine equation ax + by = c, then all solutions are given by 


x =xo+ bt y= yo —at 


for integral values of f. 
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Here is an example. The equation 5x + 22y = 18 has xp = 8, yp = —1 as one 
solution; from the corollary, a complete solution is given by x = 8+ 22r, 
y = —1 — 5t for arbitrary ¢. 

Diophantine equations frequently arise when solving certain types of traditional 
word problems, as evidenced by Example 2.5. 


Example 2.5. A customer bought a dozen pieces of fruit, apples and oranges, for 
$1.32. If an apple costs 3 cents more than an orange and more apples than oranges 
were purchased, how many pieces of each kind were bought? 

To set up this problem as a Diophantine equation, let x be the number of apples 
and y be the number of oranges purchased; in addition, let z represent the cost (in 
cents) of an orange. Then the conditions of the problem lead to 


(ga 3x zy = 132 
or equivalently 
Se ES Vz = 132 
Because x + y = 12, the previous equation may be replaced by 
Oe lac 132 


which, in turn, simplifies to x + 4z = 44. 
Stripped of inessentials, the object is to find integers x and z satisfying the 
Diophantine equation 


x+4z7=44 (1) 


Inasmuch as gcd (1, 4) = 1 is a divisor of 44, there is a solution to this equation. Upon 
multiplying the relation 1 = 1(—3) + 4- 1 by 44 to get 


44 = 1(-132)+4-44 


it follows that x9 = —132, z) = 44 serves as one solution. All other solutions of 
Eq. (1) are of the form 


x = —-132+4t z=—44-t 


where f is an integer. 

Not all of the choices for ¢ furnish solutions to the original problem. Only values 
of ¢ that ensure 12 > x > 6 should be considered. This requires obtaining those values 
of ¢ such that 


12 > -132+4t > 6 


Now, 12 > —132 + 4t implies that t < 36, whereas —132 + 4t > 6 gives t > 345. 
The only integral values of ¢ to satisfy both inequalities are t = 35 and t = 36. Thus, 
there are two possible purchases: a dozen apples costing 11 cents apiece (the case 
where t = 36), or 8 apples at 12 cents each and 4 oranges at 9 cents each (the case 
where t = 35). 


Linear indeterminate problems such as these have a long history, occurring as 
early as the Ist century in the Chinese mathematical literature. Owing to a lack of 
algebraic symbolism, they often appeared in the guise of rhetorical puzzles or riddles. 
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The contents of the Mathematical Classic of Chang Ch’ iu-chien (6th century) attest 
to the algebraic abilities of the Chinese scholars. This elaborate treatise contains one 
of the most famous problems in indeterminate equations, in the sense of transmission 
to other societies—the problem of the “hundred fowls.” The problem states: 


If a cock is worth 5 coins, a hen 3 coins, and three chicks together 1 coin, how many 
cocks, hens, and chicks, totaling 100, can be bought for 100 coins? 


In terms of equations, the problem would be written (if x equals the number of cocks, 
y the number of hens, z the number of chicks): 


1 
Pee Ve ae x+y+z=100 


Eliminating one of the unknowns, we are left with a linear Diophantine equation 
in the two other unknowns. Specifically, because the quantity z = 100 — x — y, we 
have 5x + 3y + +(100 —x — y) = 100, or 


7x +4y = 100 


This equation has the general solution x = 4t, y = 25 — 7t, so that z = 75 + 3t, 
where ¢ is an arbitrary integer. Chang himself gave several answers: 


x=4 y= 18 z= 78 
x=8 y=l11 7=81 
x=12 y=4 7z=84 


A little further effort produces all solutions in the positive integers. For this, t must 
be chosen to satisfy simultaneously the inequalities 


4t>0 25 —7t>0 75+ 3t>0 


The last two of these are equivalent to the requirement —25 < ft < 35. Because t 
must have a positive value, we conclude that t = 1, 2, 3, leading to precisely the 
values Chang obtained. 


PROBLEMS 2.5 


1. Which of the following Diophantine equations cannot be solved? 
(a) 6x +51ly = 22. 
(b) 33x + 14y = 115. 
(c) 14x + 35y = 93. 
2. Determine all solutions in the integers of the following Diophantine equations: 
(a) 56x + 72y = 40. 
(b) 24x + 138y = 18. 
(c) 221x + 35y = 11. 
3. Determine all solutions in the positive integers of the following Diophantine equations: 
(a) 18x + 5y = 48. 
(b) 54x + 21y = 906. 
(c) 123x + 360y = 99. 
(d) 158x —57y =7. 
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. If a and D are relatively prime positive integers, prove that the Diophantine equation 


ax — by = c has infinitely many solutions in the positive integers. 

[Hint: There exist integers x9 and yo such that axo + byo = c. For any integer ¢, 
which is larger than both | x9 | /b and | yo | /a, a positive solution of the given equation is 
x =x + bt, y = —(y0 —at).] 


. (a) A man has $4.55 in change composed entirely of dimes and quarters. What are the 


maximum and minimum number of coins that he can have? Is it possible for the 
number of dimes to equal the number of quarters? 

(b) The neighborhood theater charges $1.80 for adult admissions and $.75 for children. 
On a particular evening the total receipts were $90. Assuming that more adults than 
children were present, how many people attended? 

(c) A certain number of sixes and nines is added to give a sum of 126; if the number of 
sixes and nines is interchanged, the new sum is 114. How many of each were there 
originally? 


. A farmer purchased 100 head of livestock for a total cost of $4000. Prices were as follow: 


calves, $120 each; lambs, $50 each; piglets, $25 each. If the farmer obtained at least one 
animal of each type, how many of each did he buy? 


- When Mr. Smith cashed a check at his bank, the teller mistook the number of cents for 


the number of dollars and vice versa. Unaware of this, Mr. Smith spent 68 cents and then 
noticed to his surprise that he had twice the amount of the original check. Determine the 
smallest value for which the check could have been written. 

[Hint: If x denotes the number of dollars and y the number of cents in the check, then 
100y + x — 68 = 2(100x + y).] 


- Solve each of the puzzle-problems below: 


(a) Alcuin of York, 775. One hundred bushels of grain are distributed among 100 persons 
in such a way that each man receives 3 bushels, each woman 2 bushels, and each child 
5 bushel. How many men, women, and children are there? 

(b) Mahaviracarya, 850. There were 63 equal piles of plantain fruit put together and 7 
single fruits. They were divided evenly among 23 travelers. What is the number of 
fruits in each pile? 

[Hint: Consider the Diophantine equation 63x + 7 = 23y.] 

(c) Yen Kung, 1372. We have an unknown number of coins. If you make 77 strings of 
them, you are 50 coins short; but if you make 78 strings, it is exact. How many coins 
are there? 

[Hint: If N is the number of coins, then N = 77x +27=78y for integers 
x and y.] 

(d) Christoff Rudolff, 1526. Find the number of men, women, and children in a company 
of 20 persons if together they pay 20 coins, each man paying 3, each woman 2, and 
each child 5. 

(e) Euler, 1770. Divide 100 into two summands such that one is divisible by 7 and the 
other by 11. 
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PRIMES AND THEIR DISTRIBUTION 


Mighty are numbers, joined with art resistless. 
EURIPIDES 


3.1 THE FUNDAMENTAL THEOREM OF ARITHMETIC 


Essential to everything discussed herein—in fact, essential to every aspect of number 
theory—is the notion of a prime number. We have previously observed that any 
integer a > 1 is divisible by +1 and + a; if these exhaust the divisors of a, then it 
is Said to be a prime number. In Definition 3.1 we state this somewhat differently. 


Definition 3.1. An integer p > 1 is called a prime number, or simply a prime, if its 
only positive divisors are 1 and p. An integer greater than 1 that is not a prime is termed 
composite. 


Among the first 10 positive integers, 2, 3, 5, 7 are primes and 4, 6, 8, 9, 10 are 
composite numbers. Note that the integer 2 is the only even prime, and according to 
our definition the integer 1 plays a special role, being neither prime nor composite. 

In the rest of this book, the letters p and qg will be reserved, so far as is possible, 
for primes. 

Proposition 14 of Book IX of Euclid’s Elements embodies the result that later 
became known as the Fundamental Theorem of Arithmetic, namely, that every inte- 
ger greater than 1 can, except for the order of the factors, be represented as a product 
of primes in one and only one way. To quote the proposition itself: “If a number be 
the least that is measured by prime numbers, it will not be measured by any other 
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prime except those originally measuring it.” Because every number a > 1 is either 
a prime or, by the Fundamental Theorem, can be broken down into unique prime 
factors and no further, the primes serve as the building blocks from which all other 
integers can be made. Accordingly, the prime numbers have intrigued mathemati- 
cians through the ages, and although a number of remarkable theorems relating to 
their distribution in the sequence of positive integers have been proved, even more 
remarkable is what remains unproved. The open questions can be counted among 
the outstanding unsolved problems in all of mathematics. 

To begin on a simpler note, we observe that the prime 3 divides the integer 36, 
where 36 may be written as any one of the products 


6-6=9-4=12-3=18.-2 


In each instance, 3 divides at least one of the factors involved in the product. This is 
typical of the general situation, the precise result being Theorem 3.1. 


Theorem 3.1. If p is a prime and p|ab, then p|a or p |b. 


Proof. If p|a, then we need go no further, so let us assume that p J a. Because 
the only positive divisors of p are 1 and p itself, this implies that gcd(p, a) = 1. in 
general, gcd(p, a) = p or gcd(p, a) = 1 according as p|a or p { a.) Hence, citing 
Euclid’s lemma, we get p |b. 


This theorem easily extends to products of more than two terms. 
Corollary 1. If p isaprime and p | a;a2---a,, then p | a, forsomek, where 1 < k <n. 


Proof. We proceed by induction on n, the number of factors. When n = 1, the stated 
conclusion obviously holds; whereas when n = 2, the result is the content of Theorem 
3.1. Suppose, as the induction hypothesis, that n > 2 and that whenever p divides a 
product of less than n factors, it divides at least one of the factors. Now p | aja2- ++ dn. 
From Theorem 3.1, either p | a, or p | @,a2---G@,_1. If p | a,, then we are through. As 
regards the case where p | a a2 ---a, _1, the induction hypothesis ensures that p | a; 
for some choice of k, with 1 < k <n — 1. In any event, p divides one of the integers 
G15 02, 254 Gy. 


Corollary 2. If p, qi, qo,.--, Qn are all primes and p|qigo-:+dn, then p = gq, for 
some k, where 1 < k <n. 


Proof. By virtue of Corollary 1, we know that p | q, for some k, with 1 < k < n. Being 
a prime, gx is not divisible by any positive integer other than 1 or gq; itself. Because 
p > 1, we are forced to conclude that p = qx. 


With this preparation out of the way, we arrive at one of the cornerstones of 
our development, the Fundamental Theorem of Arithmetic. As indicated earlier, 
this theorem asserts that every integer greater than 1 can be factored into primes 
in essentially one way; the linguistic ambiguity essentially means that 2-3-2 is 
not considered as being a different factorization of 12 from 2-2-3. We state this 
precisely in Theorem 3.2. 
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Theorem 3.2 Fundamental Theorem of Arithmetic. Every positive integer n > 1 
is either a prime or a product of primes; this representation is unique, apart from the 
order in which the factors occur. 


Proof. Either n is a prime or it is composite; in the former case, there is nothing 
more to prove. If n is composite, then there exists an integer d satisfying d|n and 
1 < d <n. Among all such integers d, choose p, to be the smallest (this is possible 
by the Well-Ordering Principle). Then p; must be a prime number. Otherwise it too 
would have a divisor g with 1 < gq < p;; but then g | p; and p;|n imply that q |n, 
which contradicts the choice of p; as the smallest positive divisor, not equal to 1, of n. 

We therefore may writen = pin 1, where p; is prime and1 < n, < n.Ifn; happens 
to be a prime, then we have our representation. In the contrary case, the argument is 
repeated to produce a second prime number p2 such that n; = pn; that is, 


nN = Pi p2n2 l<ny <n 


If nz is a prime, then it is not necessary to go further. Otherwise, write ny = p3n3, with 
p3 a prime: 


Nn = Pi P2p3N3 1<n3 <n 
The decreasing sequence 
n>n>n>:::>1 


cannot continue indefinitely, so that after a finite number of steps nz_ 1s a prime, call 
it, px. This leads to the prime factorization 


n= Pi p2::> Pe 


To establish the second part of the proof—the uniqueness of the prime 
factorization—let us suppose that the integer n can be represented as a product of 
primes in two ways; say, 


n= Pip2°** Pr = 9192°°* Qs Les 
where the p; and q; are all primes, written in increasing magnitude so that 
Pi Dos ors Py WEBS 2d 


Because pj | 9192 ---@s, Corollary 2 of Theorem 3.1 tells us that p; = q, for some k; 
but then p; > q;. Similar reasoning gives q; > pi, whence p; = q;. We may cancel 
this common factor and obtain 


P2P3 +++ Dr = 9293 9s 
Now repeat the process to get p2 = q» and, in turn, 


P3P4°°° Pr = 9394°°°s 


Continue in this fashion. If the inequality r < s were to hold, we would eventually 
arrive at 


1 = Gr4ir42°** Qs 
which is absurd, because each q; > 1. Hence,r = s and 
A= P2 = 92,--+,5 Pr =r 


making the two factorizations of n identical. The proof is now complete. 
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Of course, several of the primes that appear in the factorization of a given positive 
integer may be repeated, as is the case with 360 = 2-2-2-3-3.-5. By collecting 
like primes and replacing them by a single factor, we can rephrase Theorem 3.2 as 
a corollary. 


Corollary. Any positive integer n > 1 can be written uniquely in a canonical form 


kik Es 
N= P\' Py *** P, 
where, fori = 1,2,...,7, each k; is a positive integer and each p; is a prime, with 


Pi < p2 <°+:+: < Pr. 


To illustrate, the canonical form of the integer 360 is 360 = 2° - 37 - 5. As further 
examples we cite 


4725 = 3°. 57.7 and 17460 = 2° .37-5-77 


Prime factorizations provide another means of calculating greatest common 
divisors. For suppose that p1, p2, ..., Pn are the distinct primes that divide either of 
a or b. Allowing zero exponents, we can write 


ky ko j j i 
a=pi'p.---p, b= p!' pi --- ph 
Then 
gcd(a, b) = pj! py ++ pi 


where r; = min(k;, j;), the smaller of the two exponents associated with p; in the 
two representations. In the case a = 4725 and b = 17460, we would have 


A725 = 2° .3°.5*.7, 7460 =2?.37-.5-.7% 
and so 
gcd(4725, 17460) = 2°. 3*-5-7- = 315 


This is an opportune moment to insert a famous result of Pythagoras. 
Mathematics as a science began with Pythagoras (569-500 B.c.), and much of the 
content of Euclid’s Elements is due to Pythagoras and his school. The Pythagoreans 
deserve the credit for being the first to classify numbers into odd and even, prime 
and composite. 


Theorem 3.3 Pythagoras. The number V2 is irrational. 


Proof. Suppose, to the contrary, that /2 is a rational number, say, 2 = a/b, where 
a and b are both integers with gcd(a, b) = 1. Squaring, we get a? = 2b, so that b | a”. 
If b > 1, then the Fundamental Theorem of Arithmetic guarantees the existence of a 
prime p such that p |b. It follows that p|a? and, by Theorem 3.1, that p |a; hence, 
gcd(a, b) > p. We therefore arrive at a contradiction, unless b = 1. But if this happens, 
then a? = 2, which is impossible (we assume that the reader is willing to grant that 
no integer can be multiplied by itself to give 2). Our supposition that /2 is a rational 
number is untenable, and so /2 must be irrational. 
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There is an interesting variation on the proof of Theorem 3.3. If /2 = a/b with 


gcd(a, b) = 1, there must exist integers r and s satisfying ar + bs = 1. As aresult, 


/2= /2(ar + bs) = (/2a)r + (/2b)s = 2br+as 


This representation of 2 leads us to conclude that /2 is an integer, an obvious 
impossibility. 


PROBLEMS 3.1 


1. 


2. 


eo e-~I 


10. 
11. 


12. 
13. 


It has been conjectured that there are infinitely many primes of the form n* — 2. Exhibit 
five such primes. 

Give an example to show that the following conjecture is not true: Every positive integer 
can be written in the form p + a, where p is either a prime or 1, anda > 0. 


. Prove each of the assertions below: 


(a) Any prime of the form 3n + 1 is also of the form 6m + 1. 
(b) Each integer of the form 3n + 2 has a prime factor of this form. 
(c) The only prime of the form n? — 1 is 7. 

[Hint: Write n>? — 1 as (n — 1)(n? +n+4+1).] 
(d) The only prime p for which 3p + 1 is a perfect square is p = 5. 
(e) The only prime of the form n? — 4 is 5. 


. If p > 5 is a prime number, show that p? + 2 is composite. 


[Hint: p takes one of the forms 6k + 1 or 6k + 5.] 


. (a) Given that p is aprime and p|a”, prove that p” | a”. 


(b) If gcd(a, b) = p,aprime, whatare the possible values of gcd(a?, b?), gcd(a?, b) and 
gcd(a3, b?)? 


. Establish each of the following statements: 


(a) Every integer of the form n* + 4, with n > 1, is composite. 
[Hint: Write n* + 4 as a product of two quadratic factors. ] 
(b) Ifn > 4 1s composite, then n divides (n — 1)!. 
(c) Any integer of the form 8” + 1, where n > 1, is composite. 
[Hint: 2” + 1|2°"+1,] 
(d) Each integer n > 11 can be written as the sum of two composite numbers. 
[Hint: Ifn is even, sayn = 2k, thenn — 6 = 2(k — 3); forn odd, consider the integer 
n—9,] 


. Find all prime numbers that divide 50!. 
. If p > gq => Sand p and gq are both primes, prove that 24 | p? — q?. 
. (a) An unanswered question is whether there are infinitely many primes that are 1 more 


than a power of 2, such as 5 = 2” + 1. Find two more of these primes. 
(b) A more general conjecture is that there exist infinitely many primes of the form 
n? + 1; for example, 257 = 167 + 1. Exhibit five more primes of this type. 
If p #5 is an odd prime, prove that either p? — 1 or p? + 1 is divisible by 10. 
Another unproven conjecture is that there are an infinitude of primes that are 1 less than 
a power of 2, such as 3 = 2? — 1. 
(a) Find four more of these primes. 
(b) If p = 2* — 1 is prime, show that k is an odd integer, except when k = 2. 
[Hint: 3 | 4” — 1 for alln > 1.] 
Find the prime factorization of the integers 1234, 10140, and 36000. 
Ifn > 1 is an integer not of the form 6k + 3, prove that n* + 2” is composite. 
[Hint: Show that either 2 or 3 divides n? + 2”.] 
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14. It has been conjectured that every even integer can be written as the difference of two 
consecutive primes in infinitely many ways. For example, 


6 = 29 — 23 = 137 — 131 = 599 — 593 = 1019 — 1013 = - -- 


Express the integer 10 as the difference of two consecutive primes in 15 ways. 

15. Prove that a positive integer a > 1 is a square if and only if in the canonical form of a 
all the exponents of the primes are even integers. 

16. An integer is said to be square-free if it is not divisible by the square of any integer greater 
than 1. Prove the following: 

(a) An integer n > 1 is square-free if and only if n can be factored into a product of 
distinct primes. 

(b) Every integer n > 1 is the product of a square-free integer and a perfect square. 
[Hint: If n = p'' pi? --- p® is the canonical factorization of n, then write k; = 
2q; +1r; where r; = 0 or 1 according as k; is even or odd.] 

17. Verify that any integer n can be expressed as n = 2m, where k > 0 and m is an odd 
integer. 
18. Numerical evidence makes it plausible that there are infinitely many primes p such that 

p + 501s also prime. List 15 of these primes. 

19. A positive integer n is called square-full, or powerful, if p? |n for every prime factor p 
of n (there are 992 square-full numbers less than 250,000). If n is square-full, show that 
it can be written in the form n = a*b?, with a and b positive integers. 


3.2 THE SIEVE OF ERATOSTHENES 


Given a particular integer, how can we determine whether it is prime or composite 
and, in the latter case, how can we actually find a nontrivial divisor? The most 
obvious approach consists of successively dividing the integer in question by each 
of the numbers preceding it; if none of them (except 1) serves as a divisor, then the 
integer must be prime. Although this method is very simple to describe, it cannot 
be regarded as useful in practice. For even if one is undaunted by large calculations, 
the amount of time and work involved may be prohibitive. 

There is a property of composite numbers that allows us to reduce materially 
the necessary computations—but still the process remains cumbersome. If an in- 
teger a > 1 is composite, then it may be written as a = bc, where 1 < b < a and 
1 <c <a. Assuming that b < c, we get b* < bc =a, and so b < Ja. Because 
b > 1, Theorem 3.2 ensures that b has at least one prime factor p. Then p < b < /a; 
furthermore, because p |b and b | a, it follows that p | a. The point is simply this: a 
composite number a will always possess a prime divisor p satisfying p < ./a. 

In testing the primality of a specific integer a > 1, it therefore suffices to divide 
a by those primes not exceeding ./a (presuming, of course, the availability of a 
list of primes up to /a). This may be clarified by considering the integer a = 509. 
Inasmuch as 22 < /509 < 23, we need only try out the primes that are not larger 
than 22 as possible divisors, namely, the primes 2, 3, 5, 7, 11, 13, 17, 19. Dividing 
509 by each of these, in turn, we find that none serves as a divisor of 509. The 
conclusion is that 509 must be a prime number. 
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Example 3.1. The foregoing technique provides a practical means for determining the 
canonical form of an integer, say a = 2093. Because 45 < 2093 < 46, it is enough 
to examine the primes 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43. By trial, the 
first of these to divide 2093 is 7, and 2093 = 7 - 299. As regards the integer 299, the 
seven primes that are less than 18 (note that 17 < /299 < 18) are 2, 3,5, 7,11, 13,17. 
The first prime divisor of 299 is 13 and, carrying out the required division, we obtain 
299 = 13 - 23. But 23 is itself a prime, whence 2093 has exactly three prime factors, 
7, 13, and 23: 


2093 = 7-13-23 


Another Greek mathematician whose work in number theory remains significant 
is Eratosthenes of Cyrene (276-194 B.c.). Although posterity remembers him mainly 
as the director of the world-famous library at Alexandria, Eratosthenes was gifted in 
all branches of learning, if not of first rank in any; in his own day, he was nicknamed 
“Beta” because, it was said, he stood at least second in every field. Perhaps the 
most impressive feat of Eratosthenes was the accurate measurement of the earth’s 
circumference by a simple application of Euclidean geometry. 

We have seen that if an integer a > 1 is not divisible by any prime p < ,/a, 
then a is of necessity a prime. Eratosthenes used this fact as the basis of a clever 
technique, called the Sieve of Eratosthenes, for finding all primes below a given 
integer n. The scheme calls for writing down the integers from 2 to n in their 
natural order and then systematically eliminating all the composite numbers by 
striking out all multiples 2p, 3p, 4p, 5p,... of the primes p < ./n. The in- 
tegers that are left on the list—those that do not fall through the “sieve”—are 


primes. 
To see an example of how this works, suppose that we wish to find all primes 
not exceeding 100. Consider the sequence of consecutive integers 2, 3, 4, ... ,100. 


Recognizing that 2 is a prime, we begin by crossing out all even integers from our 
listing, except 2 itself. The first of the remaining integers is 3, which must be a 
prime. We keep 3, but strike out all higher multiples of 3, so that 9, 15, 21, ... are 
now removed (the even multiples of 3 having been removed in the previous step). 
The smallest integer after 3 that has not yet been deleted is 5. It is not divisible by 
either 2 or 3—otherwise it would have been crossed out—hence, it is also a prime. 
All proper multiples of 5 being composite numbers, we next remove 10, 15, 20, ... 
(some of these are, of course, already missing), while retaining 5 itself. The first 
surviving integer 7 is a prime, for it is not divisible by 2, 3, or 5, the only primes 
that precede it. After eliminating the proper multiples of 7, the largest prime less 
than / 100 = 10, all composite integers in the sequence 2, 3, 4, ... , 100 have fallen 
through the sieve. The positive integers that remain, to wit, 2, 3,5, 7, 11, 13, 17, 19, 
23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, are all of the primes 
less than 100. 

The following table represents the result of the completed sieve. The multiples 
of 2 are crossed out by \; the multiples of 3 are crossed out by /; the multiples of 5 
are crossed out by —; the multiples of 7 are crossed out by ~. 
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By this point, an obvious question must have occurred to the reader. Is there a 
largest prime number, or do the primes go on forever? The answer is to be found 
in a remarkably simple proof given by Euclid in Book IX of his Elements. Euclid’s 
argument is universally regarded as a model of mathematical elegance. Loosely 
speaking, it goes like this: Given any finite list of prime numbers, one can always 
find a prime not on the list; hence, the number of primes is infinite. The actual details 
appear below. 


Theorem 3.4 Euclid. There is an infinite number of primes. 


Proof. Euclid’s proof is by contradiction. Let p; = 2, po = 3, p3 = 5, pa = 7, ... be 
the primes in ascending order, and suppose that there is a last prime, called p,. Now 
consider the positive integer 


P = pip2::: Pratl 


Because P > 1, we may put Theorem 3.2 to work once again and conclude that P 
is divisible by some prime p. But pj, p2,..., Pn are the only prime numbers, so 
that p must be equal to one of pj, p2,.-., Pn. Combining the divisibility relation 
P| Pip2::* Pn With p| P, we arrive at p| P — pip2--- Pp or, equivalently, p | 1. The 
only positive divisor of the integer 1 is 1 itself and, because p > 1, a contradiction 
arises. Thus, no finite list of primes is complete, whence the number of primes is 
infinite. 


For a prime p, define p* to be the product of all primes that are less than or equal 
to p. Numbers of the form p* + 1 might be termed Euclidean numbers, because they 
appear in Euclid’s scheme for proving the infinitude of primes. It is interesting to 
note that in forming these integers, the first five, namely, 


2#41=24+1=3 
3#41=2-34+1=7 
5¢4+1=2-3-54+1=31 
Fe4+1=2-3-5-74+1=211 
11474+1=2-3-5-7-114+1= 2311 
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are all prime numbers. However, 


13#+ 1 = 59-509 
17#+1=19-97-277 
19* + 1 = 347 . 27953 


are not prime. A question whose answer is not known is whether there are infinitely 
many primes p for which p* + 1 is also prime. For that matter, are there infinitely 
many composite p* + 1? 

At present, 22 primes of the form p* + 1 have been identified. The first few 
correspond to the values p = 2, 3, 5, 7, 11, 31, 379, 1019, 1021, 2657, 3229. The 
twenty-second occurs when p = 392113 and consists of 169966 digits. It was found 
in 2001. 

Euclid’s theorem is too important for us to be content with a single proof. Here 
is a variation in the reasoning: Form the infinite sequence of positive integers 


ae 

ng =n+1 
n3=nyn2+1 
ng = nynN2n3 + 1 


Ny = NjN2°**NkK-| +1 


Because each n; > 1, each of these integers is divisible by a prime. But no two 
n, can have the same prime divisor. To see this, let d = gcd(n;,n,) and suppose 
that i < k. Then d divides n; and, hence, must divide n,n2 ---nz_,. Because d | nx, 
Theorem 2.2 (g) tells us that d|n, —nn2---nxg_; or d| 1. The implication is that 
d = 1, and so the integers n,(k = 1, 2, ...) are pairwise relatively prime. The point 
we wish to make is that there are as many distinct primes as there are integers nz, 
namely, infinitely many of them. 

Let p, denote the nth of the prime numbers in their natural order. Euclid’s proof 
shows that the expression pj P2--- Pn + 1 is divisible by at least one prime. If there 
are several such prime divisors, then p,+; cannot exceed the smallest of these so 
that Pati < PiP2°-* Pn + 1forn => 1. Another way of saying the same thing is that 


Pn S Pip2*+* Pn-1 +1 n>=2 


With a slight modification of Euclid’s reasoning, this inequality can be improved to 
give 


Pn S Pip2*** Pn-1 — 1 n>3 
For instance, when n = 5, this tells us that 


Vie AS = 900 
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We can see that the estimate is rather extravagant. A sharper limitation on the size 
of py is given by Bonse’s inequality, which states that 


P< Pipr-* Prt =n =5 
This inequality yields pS < 210, or ps < 14. A somewhat better size-estimate for 
Ps comes from the inequality 
Pin = P2p3-°* Pa 2 nes 
Here, we obtain 
Ps < Po = pop3 —-2=3-5-—2=13 


To approximate the size of p, from these formulas, it is necessary to know the 
values of p}, P2,..., Pn—1. For a bound in which the preceding primes do not enter 
the picture, we have the following theorem. 


Theorem 3.5. If p, is the nth prime number, then p, < pe 


Proof. Let us proceed by induction on n, the asserted inequality being clearly true 
when n = 1. As the hypothesis of the induction, we assume that n > 1 and that the 
result holds for all integers up to n. Then 
Pnti S Pip2-*:Pnt1 

aly a ee Q2"1 ues Q1+242?4...42"71 of 

Recalling the identity 1 + 2+ 2? +.---+2"-! = 2” — 1, we obtain 
Pn+i = 2a +1 
However, 1 < 2?"~! for all n; whence 
Pasi = g2"—1 a g2"—l 
=9.. g2"—1 = 92" 


completing the induction step, and the argument. 


There is a corollary to Theorem 3.5 that is of interest. 
Corollary. For n > 1, there are at least n + 1 primes less than as 


Proof. From the theorem, we know that p;, p2,..., Pn41 are all less than 27". 


We can do considerably better than is indicated by Theorem 3.5. In 1845, Joseph 
Bertrand conjectured that the prime numbers are well distributed in the sense that 
between n > 2 and 2n there is at least one prime. He was unable to establish his con- 
jecture, but verified it for all < 3,000,000. (One way of achieving this is to consider 
a sequence of primes 3, 5, 7, 13, 23, 43, 83, 163, 317, 631, 1259, 2503, 5003, 9973, 
19937, 39869, 79699, 159389, ... each of which is less than twice the preceding.) 
Because it takes some real effort to substantiate this famous conjecture, let us content 
ourselves with saying that the first proof was carried out by the Russian mathemati- 
cian P. L. Tchebycheff in 1852. Granting the result, it is not difficult to show that 


eS re 2 
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and as a direct consequence, py+1 < 2p, forn > 2. In particular, 
11 = ps <2-pa= 14 


To see that p, < 2”, we argue by induction on n. Clearly, pp = 3 < 27, so that 
the inequality is true here. Now assume that the inequality holds for an integer n, 
whence p, < 2”. Invoking Bertrand’s conjecture, there exists a prime number p 
satisfying 2” < p < 2"*!; thatis, p, < p. This immediately leads to the conclusion 
that p41 < p < 2”*!, which completes the induction and the proof. 

Primes of special form have been of perennial interest. Among these, the repunit 
primes are outstanding in their simplicity. A repunit is an integer written (in decimal 
notation) as a string of 1’s, such as 11, 111, or 1111. Each such integer must have 
the form (10” — 1)/9. We use the symbol R, to denote the repunit consisting of 
n consecutive 1’s. A peculiar feature of these numbers is the apparent scarcity of 
primes among them. So far, only Ro, Rio, R93, R317, Ri031; R49081;5 Rg64535 Rj09297; 
and R479343 have been identified as primes (the last one in 2007). It is known that the 
only possible repunit primes R,, for alln < 49000 are the nine numbers just indicated. 
No conjecture has been made as to the existence of any others. For a repunit R,, to 
be prime, the subscript n must be a prime; that this is not a sufficient condition is 
shown by 


Rs = 11111 = 41-271 R7 = 1111111 = 239 - 4649 


PROBLEMS 3.2 


1. Determine whether the integer 701 is prime by testing all primes p < 701 as possible 
divisors. Do the same for the integer 1009. 

2. Employing the Sieve of Eratosthenes, obtain all the primes between 100 and 200. 

3. Given that p { n forall primes p < 2/n, show thatn > 1 is either a prime or the product 
of two primes. 
[Hint: Assume to the contrary that n contains at least three prime factors.] 

4. Establish the following facts: 
(a) ./p is irrational for any prime p. 
(b) If a is a positive integer and “/a is rational, then 7/a must be an integer. 
(c) Forn > 2, 2/n is irrational. 

[Hint: Use the fact that 2” > n.] 

5. Show that any composite three-digit number must have a prime factor less than or equal 
to 31. 

6. Fill in any missing details in this sketch of a proof of the infinitude of primes: Assume 
that there are only finitely many primes, say pi, P2,..., Pn. Let A be the product of any 
r of these primes and put B = p; p2--: p,/A. Then each p,; divides either A or B, but 
not both. Because A + B > 1, A+ B has a prime divisor different from any of the px, 
which is a contradiction. 

7. Modify Euclid’s proof that there are infinitely many primes by assuming the existence 
of a largest prime p and using the integer N = p! + 1 to arrive at a contradiction. 

8. Give another proof of the infinitude of primes by assuming that there are only finitely many 
primes, say Pj, p2,..., Pn, and using the following integer to arrive at a contradiction: 


N = P2p3°** Pn + Pip3+** Pn +++: + Pip2-** Pn-1 
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9. (a) Prove that if n > 2, then there exists a prime p satisfying n < p <n!. 
[Hint: If n! — 1 is not prime, then it has a prime divisor p; and p < n implies p | n!, 
leading to a contradiction.] 
(b) For n > 1, show that every prime divisor of n! + 1 is an odd integer that is greater 
than n. 

10. Let g, be the smallest prime that is strictly greater than P, = p; p2--- Pn + 1. Ithas been 
conjectured that the difference g, — (pi p2--- Pn) 1s always a prime. Confirm this for the 
first five values of n. 

11. If p, denotes the nth prime number, put d, = pyj+1 — Pn. An open question is whether 
the equation d, = d,,,, has infinitely many solutions. Give five solutions. 

12. Assuming that p, is the nth prime number, establish each of the following statements: 
(a) Pp > 2n —1 forn > 5. 

(b) None of the integers P, = pi p2--- Pn + 118 a perfect square. 
[Hint: Each P,, is of the form 4k + 3 forn > 1.] 
(c) The sum 


is never an integer. 
13. For the repunits R,, verify the assertions below: 
(a) Ifn|m, then R, | Rm- 
(Hint: If m = kn, consider the identity 


x a (x” ss 1)(x@—" at x k-2)n Sede x" a 1).] 


(b) Ifd|R, andd|R,,, thend | Ry4n.- 
[Hint: Show that Rnin = R,10" + Rn.) 
(c) If gcd(n, m) = 1, then gcd(R,, Ry) = 1. 
14. Use the previous problem to obtain the prime factors of the repunit Rio. 


3.3 THE GOLDBACH CONJECTURE 


Although there is an infinitude of primes, their distribution within the positive inte- 
gers is most mystifying. Repeatedly in their distribution we find hints or, as it were, 
shadows of a pattern; yet an actual pattern amenable to precise description remains 
elusive. The difference between consecutive primes can be small, as with the pairs 
11 and 13, 17 and 19, or for that matter 1000000000061 and 1000000000063. At 
the same time there exist arbitrarily long intervals in the sequence of integers that 
are totally devoid of any primes. 

It is an unanswered question whether there are infinitely many pairs of twin 
primes; that is, pairs of successive odd integers p and p + 2 that are both primes. 
Numerical evidence leads us to suspect an affirmative conclusion. Electronic com- 
puters have discovered 152891 pairs of twin primes less than 30000000 and 20 pairs 
between 10!? and 10!7+ 10000, which hints at their growing scarcity as the positive 
integers increase in magnitude. Many examples of immense twins are known. The 
largest twins to date, each 100355 digits long, 


65516468355 - 2797333 + 1 


were discovered in 2009. 
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Consecutive primes not only can be close together, but also can be far apart; that 
is, arbitrarily large gaps can occur between consecutive primes. Stated precisely: 
Given any positive integer n, there exist n consecutive integers, all of which are 
composite. To prove this, we simply need to consider the integers 


n+ D4 Geil 3 at Dit Ge) 


where (n+ 1)! = (n+ 1)-n---3-2-1. Clearly there are n integers listed, and 
they are consecutive. What is important is that each integer is composite. Indeed, 
(n + 1)! + 2 is divisible by 2, (n + 1)! + 3 is divisible by 3, and so on. 

For instance, if a sequence of four consecutive composite integers is desired, 
then the previous argument produces 122, 123, 124, and 125: 


5142=122=2-61 
5143 =123=3-41 
S14 = 124-4231 
5145 =125=5-25 


Of course, we can find other sets of four consecutive composites, such as 24, 25, 26, 
27 or 32, 33, 34, 35. 

As this example suggests, our procedure for constructing gaps between two con- 
secutive primes gives a gross overestimate of where they occur among the integers. 
The first occurrences of prime gaps of specific lengths, where all the intervening inte- 
gers are composite, have been the subject of computer searches. For instance, there is 
a gap of length 778 (thatis, Pyi1 — Pn = 778) following the prime 42842283925351. 
No gap of this size exists between two smaller primes. The largest effectively cal- 
culated gap between consecutive prime numbers has length 1442, with a string of 
1441 composites immediately after the prime 


8042 12830686677669 


Interestingly, computer researchers have not identified gaps of every possible width 
up to 1442. The smallest missing gap size is 796. The conjecture is that there is a 
prime gap (a string of 2k — 1 consecutive composites between two primes) for every 
even integer 2k. 

This brings us to another unsolved problem concerning the primes, the Gold- 
bach conjecture. In a letter to Leonhard Euler in the year 1742, Christian Goldbach 
hazarded the guess that every even integer is the sum of two numbers that are either 
primes or 1. A somewhat more general formulation is that every even integer greater 
than 4 can be written as a sum of two odd prime numbers. This is easy to confirm 
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for the first few even integers: 
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Although it seems that Euler never tried to prove the result, upon writing to Goldbach 
at a later date, Euler countered with a conjecture of his own: Any even integer (> 6) 
of the form 4n + 2 is a sum of two numbers each being either a prime of the form 
4n + lor l. 

The numerical data suggesting the truth of Goldbach’s conjecture are over- 
whelming. It has been verified by computers for all even integers less than 4 - 10‘. 
As the integers become larger, the number of different ways in which 2n can be 
expressed as the sum of two primes increases. For example, there are 291400 such 
representations for the even integer 100000000. Although this supports the feeling 
that Goldbach was correct in his conjecture, it is far from a mathematical proof, 
and all attempts to obtain a proof have been completely unsuccessful. One of the 
most famous number theorists of the last century, G. H. Hardy, in his address to the 
Mathematical Society of Copenhagen in 1921, stated that the Goldbach conjecture 
appeared “probably as difficult as any of the unsolved problems in mathematics.” It 
is currently known that every even integer is the sum of six or fewer primes. 

We remark that if the conjecture of Goldbach is true, then each odd number 
larger than 7 must be the sum of three odd primes. To see this, take n to be an odd 
integer greater than 7, so that n — 3 is even and greater than 4; if n — 3 could be 
expressed as the sum of two odd primes, then n would be the sum of three. 

The first real progress on the conjecture in nearly 200 years was made by Hardy 
and Littlewood in 1922. On the basis of a certain unproved hypothesis, the so- 
called generalized Riemann hypothesis, they showed that every sufficiently large 
odd number is the sum of three odd primes. In 1937, the Russian mathematician 
I. M. Vinogradov was able to remove the dependence on the generalized Riemann 
hypothesis, thereby giving an unconditional proof of this result; that is to say, he 


PRIMES AND THEIR DISTRIBUTION 53 


established that all odd integers greater than some effectively computable np can be 
written as the sum of three odd primes. 


n= pit pot ps (n odd, n sufficiently large) 


Vinogradov was unable to decide how large ng should be, but Borozdkin (1956) 
proved that ng < 33° In 2002, the bound on no was reduced to 10!34°. It follows 
immediately that every even integer from some point on is the sum of either two 
or four primes. Thus, it is enough to answer the question for every odd integer n 
in the range 9 < n < no, which, for a given integer, becomes a matter of tedious 
computation (unfortunately, no is so large that this exceeds the capabilities of the 
most modern electronic computers). 

Because of the strong evidence in favor of the famous Goldbach conjecture, we 
readily become convinced that it is true. Nevertheless, it might be false. Vinogradov 
showed that if A(x) is the number of even integers n < x that are not the sum of two 
primes, then 


lim A(x)/x = 0 
xo 


This allows us to say that “almost all” even integers satisfy the conjecture. As Edmund 
Landau so aptly put it, “The Goldbach conjecture is false for at most 0% of all even 
integers; this at most 0% does not exclude, of course, the possibility that there are 
infinitely many exceptions.” 

Having digressed somewhat, let us observe that according to the Division Al- 
gorithm, every positive integer can be written uniquely in one of the forms 


4n 4n+ 1 4n+2 4n+3 


for some suitable n > 0. Clearly, the integers 4n and 4n + 2 = 2(2n + 1) are both 
even. Thus, all odd integers fall into two progressions: one containing integers of 
the form 4n + 1, and the other containing integers of the form 4n + 3. 

The question arises as to how these two types of primes are distributed within the 
set of positive integers. Let us display the first few odd prime numbers in consecutive 
order, putting the 4 + 3 primes in the top row and the 4n + 1 primes under them: 


oY > Te AT eal 23. BE AB Ad 39 SOR id 9 83 
oo dS TE 29 37 Al S53. Gl). 73 °89 


At this point, one might have the general impression that primes of the form 
4n + 3 are more abundant than are those of the form 4n + 1. To obtain more precise 
information, we require the help of the function z,,4(x), which counts the number 
of primes of the form p = an + b not exceeding x. Our small table, for instance, 
indicates that 7r4,1(89) = 10 and 74.3(89) = 13. 

In a famous letter written in 1853, Tchebycheff remarked that 74,1(x) < 14,3(x) 
for small values of x. He also implied that he had a proof that the inequality always 
held. In 1914, J. E. Littkewood showed that the inequality fails infinitely often, but 
his method gave no indication of the value of x for which this first happens. It turned 
out to be quite difficult to find. Not until 1957 did a computer search reveal that 
x = 26861 is the smallest prime for which 74,1(x) > 74,3(x); here, 74,1(x) = 1473 


54 ELEMENTARY NUMBER THEORY 


and 743(x) = 1472. This is an isolated situation, because the next prime at which a 
reversal occurs is x = 616,841. Remarkably, 74,;(x) > 74,3(x) for the 410 million 
successive integers x lying between 18540000000 and 18950000000. 

The behavior of primes of the form 31 +1 provided more of a computa- 
tional challenge: the inequality 73 (x) < 73,2(x) holds for all x until one reaches 
x = 608981813029. 

This furnishes a pleasant opportunity for a repeat performance of Euclid’s 
method for proving the existence of an infinitude of primes. A slight modifica- 
tion of his argument reveals that there is an infinite number of primes of the form 
4n + 3. We approach the proof through a simple lemma. 


Lemma. The product of two or more integers of the form 4 + 1 is of the same form. 


Proof. \tis sufficient to consider the product of just two integers. Let us take k = 4n + 1 
and k’ = 4m + 1. Multiplying these together, we obtain 


kk’ = (4n + 1)(4m + 1) 
= lonm+ 4n+4m+1=4(4nm+n+m)+1 


which is of the desired form. 


This paves the way for Theorem 3.6. 


Theorem 3.6. There are an infinite number of primes of the form 4n + 3. 


Proof. In anticipation of a contradiction, let us assume that there exist only finitely 
many primes of the form 4n + 3; call them qj, go, ..., gs. Consider the positive integer 


N = 49192-++s — 1 = 4(q1g2---4s — 1) +3 

and let N = rjr2---r, be its prime factorization. Because N is an odd integer, we have 
r, # 2 for all k, so that each r; is either of the form 4n + 1 or 4n + 3. By the lemma, 
the product of any number of primes of the form 4 + 1 is again an integer of this type. 
For N to take the form 4n + 3, as it clearly does, N must contain at least one prime 
factor r; of the form 4n + 3. But 7; cannot be found among the listing q1, qo, ..-, qs, 
for this would lead to the contradiction that 7; | 1. The only possible conclusion is that 
there are infinitely many primes of the form 4n + 3. 


Having just seen that there are infinitely many primes of the form 4n + 3, we 
might reasonably ask: Is the number of primes of the form 4n + 1 also infinite? This 
answer is likewise in the affirmative, but a demonstration must await the development 
of the necessary mathematical machinery. Both these results are special cases of a 
remarkable theorem by P. G. L. Dirichlet on primes in arithmetic progressions, 
established in 1837. The proof is much too difficult for inclusion here, so that we 
must content ourselves with the mere statement. 


Theorem 3.7 Dirichlet. If a and b are relatively prime positive integers, then the 
arithmetic progression 


a,at+b,a+2b,a+3b,... 


contains infinitely many primes. 
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Dirichlet’s theorem tells us, for instance, that there are infinitely many prime 
numbers ending in 999, such as 1999, 100999, 1000999, ... for these appear in the 
arithmetic progression determined by 1000n + 999, where gcd(1000, 999) = 1. 

There is no arithmetic progression a,a + b,a + 2b, ... that consists solely of 
prime numbers. To see this, suppose that a + nb = p, where p is a prime. If we put 
nk =n-+kp fork = 1,2,3,... then the n;th term in the progression is 


at+nb=a+(n+kp)b =(a+nb)+kpb = p+kpb 


Because each term on the right-hand side is divisible by p, so is a + nb. In other 
words, the progression must contain infinitely many composite numbers. 

It was proved in 2008 that there are finite but arbitrarily long arithmetic progres- 
sions consisting only of prime numbers (not necessarily consecutive primes). The 
longest progression found to date is composed of the 23 primes: 


56211383760397 + 44546738095860n 0 <n < 22 
The prime factorization of the common difference between the terms is 
2*.3-5-7-11-13-17- 19-23 - 99839 


which is divisible by 9699690, the product of the primes less than 23. This takes 
place according to Theorem 3.8. 


Theorem 3.8. If all the n > 2 terms of the arithmetic progression 
p,pt+d, pt+2d,...,p+(n—l1)d 


are prime numbers, then the common difference d is divisible by every prime q < n. 


Proof. Consider a prime number g < n and assume to the contrary that g / d. We 
claim that the first g terms of the progression 


p,pt+d,p+2d,...,p+(q—l1)d (1) 


will leave different remainders when divided by q. Otherwise there exist integers j 
and k, with 0 < j < k <q —1, such that the numbers p + jd and p + kd yield the 
same remainder upon division by g. Then q divides their difference (k — j)d. But 
gcd(q, d) = 1, and so Euclid’s lemma leads to q | k — j, which is nonsense in light of 
the inequality k —j <q-—-1. 

Because the q different remainders produced from Eq. (1) are drawn from the 
q integers 0,1,...,q — 1, one of these remainders must be zero. This means that 
q\|p + td for some t satisfying 0 < t < q — 1. Because of the inequality g <n < 
p < p+ttd, we are forced to conclude that p + td is composite. (If p were less 
than n, one of the terms of the progression would be p + pd = p(1 + d).) With this 
contradiction, the proof that g | d is complete. 


It has been conjectured that there exist arithmetic progressions of finite (but 
otherwise arbitrary) length, composed of consecutive prime numbers. Examples of 
such progressions consisting of three and four primes, respectively, are 47, 53, 59, 
and 251, 257, 263, 269. 

Most recently a sequence of 10 consecutive primes was discovered in which each 
term exceeds its predecessor by just 210; the smallest of these primes has 93 digits. 
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Finding an arithmetic progression consisting of 11 consecutive primes is likely to 
be out of reach for some time. Absent the restriction that the primes involved be 
consecutive, strings of 11-term arithmetic progressions are easily located. One such 
is 

110437 + 13860n 0<n<10 


In the interest of completeness, we might mention another famous problem that, 
so far, has resisted the most determined attack. For centuries, mathematicians have 
sought a simple formula that would yield every prime number or, failing this, a 
formula that would produce nothing but primes. At first glance, the request seems 
modest enough: find a function f(n) whose domain is, say, the nonnegative integers 
and whose range is some infinite subset of the set of all primes. It was widely believed 
years ago that the quadratic polynomial 


f(n) =n? +n4+41 
assumed only prime values. This was shown to be false by Euler, in 1772. As 


evidenced by the following table, the claim is a correct one form = 0,1, 2,..., 39. 


n fi n F(a) n f(a) 


0 41 14 251 28 853 
1 43 15 281 29 911 
2 47 16 313 30 971 
3 53 17 347 31 1033 
4 61 18 383 32 1097 
5 71 19 421 33 1163 
6 83 20 461 34 1231 
7 97 21 503 35 1301 
8 113 22 547 36 1373 
9 131 23 593 37 1447 
10 151 24 641 38 1523 
11 173 25 691 39 1601 
12 197 26 743 
13 223 27 797 


However, this provocative conjecture is shattered in the cases n = 40 and n = 41, 
where there is a factor of 41: 


(40) = 40-41 +41 = 41? 
and 
f(41) =41-42+41 = 41.43 


The next value f(42) = 1847 turns out to be prime once again. In fact, for the 
first 100 integer values of n, the so-called Euler polynomial represents 86 primes. 
Although it starts off very well in the production of primes, there are other quadratics 
such as 

g(n) =n* +n +27941 
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that begin to best f(n) as the values of n become larger. For example, g(n) is prime 
for 286129 values of 0 < n < 10°, whereas its famous rival yields 261081 primes 
in this range. 

It has been shown that no polynomial of the form n? + n + q, with q a prime, 
can do better than the Euler polynomial in giving primes for successive values of n. 
Indeed, until fairly recently no other quadratic polynomial of any kind was known 
to produce more than 40 successive prime values. The polynomial 


h(n) = 103n? — 3945n + 34381 


found in 1988, produces 43 distinct prime values forn = 0, 1, 2,...,42. The current 
record holder in this regard 


k(n) = 36n” — 810n + 2753 


does slightly better by giving a string of 45 prime values. 

The failure of the previous functions to be prime-producing is no accident, 
for it is easy to prove that there is no nonconstant polynomial f(n) with integral 
coefficients that takes on just prime values for integral n > 0. We assume that such 
a polynomial f(n) actually does exist and argue until a contradiction is reached. Let 


f(n) = agn*® + ay_in*) +--+» + apn? +. ain + ag 


where all the coefficients ag, a;, ... , a, are integers, and a, # 0. Fora fixed value of 
(no), p = f (no) 1s a prime number. Now, for any integer t, we consider the following 
expression: 


f(no + tp) = ax(no + tp) +--+ + ay(no + tp) + ap 
= (ayng + +++ +.a1n9 + ao) + pt) 
= f(no) + pQ(t) 
= pt pQ(t) = p+ Q(t) 


where Q(t) is a polynomial in ¢ having integral coefficients. Our reasoning shows 
that p | f(mo + tp); hence, from our own assumption that f() takes on only prime 
values, f(no + tp) = p for any integer t. Because a polynomial of degree k can- 
not assume the same value more than k times, we have obtained the required 
contradiction. 

Recent years have seen a measure of success in the search for prime-producing 
functions. W. H. Mills proved (1947) that there exists a positive real number r such 
that the expression f(n) = [r>"] is prime for n = 1, 2,3,... (the brackets indicate 
the greatest integer function). Needless to say, this is strictly an existence theorem 
and nothing is known about the actual value of r. Mills’s function does not produce 
all the primes. 

There are several celebrated, still unresolved, conjectures about primes. One 
posed by G. H. Hardy and J. E. Littlewood in 1922 asks whether there are infinitely 
many primes that can be represented in the form n* + 1. The closest thing to an 
answer, so far, came in 1978 when it was proved that there are infinitely many values 
of n for which n? + 1 is either a prime or the product of just two primes. One can 
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start to see this for the smallest values 
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PROBLEMS 3.3 


10. 


11. 


12. 


13. 


14. 


15. 


16. 


. Verify that the integers 1949 and 1951 are twin primes. 
. (a) If 1 is added to a product of twin primes, prove that a perfect square is always 
obtained. 
(b) Show that the sum of twin primes p and p + 21s divisible by 12, provided that p > 3. 

. Find all pairs of primes p and q satisfying p — gq = 3. 

. Sylvester (1896) rephrased the Goldbach conjecture: Every even integer 2” greater than 
4 is the sum of two primes, one larger than n/2 and the other less than 37/2. Verify this 
version of the conjecture for all even integers between 6 and 76. 

- In 1752, Goldbach submitted the following conjecture to Euler: Every odd integer can 
be written in the form p + 2a”, where p is either a prime or 1 and a > 0. Show that the 
integer 5777 refutes this conjecture. 

. Prove that the Goldbach conjecture that every even integer greater than 2 is the sum of 
two primes is equivalent to the statement that every integer greater than 5 is the sum of 
three primes. 

[Hint: If 2n — 2 = p, + po, then 2n = p; + pp +2 and 2n+1= pi + p2 +32] 

. A conjecture of Lagrange (1775) asserts that every odd integer greater than 5 can be 
written as a sum p; + 2p2, where pj, p2 are both primes. Confirm this for all odd 
integers through 75. 

. Given a positive integer n, it can be shown that there exists an even integer a that is 
representable as the sum of two odd primes in n different ways. Confirm that the integers 
60, 78, and 84 can be written as the sum of two primes in six, seven, and eight ways, 
respectively. 

. (a) Forn > 3, show that the integers n, n + 2,n + 4 cannot all be prime. 

(b) Three integers p, p + 2, p + 6, which are all prime, are called a prime-triplet. Find 

five sets of prime-triplets. 

Establish that the sequence 


GDh =D: Gehl = 3. Ge DTS Gael) 


produces n consecutive composite integers for n > 2. 

Find the smallest positive integer n for which the function f(n) = n*? +n + 17 is com- 
posite. Do the same for the functions g(n) = n* + 21n + 1 and h(n) = 3n* + 3n 4 23. 
Let p, denote the nth prime number. For n > 3, prove that pe 43 < PnPn+1Pn42- 

[Hint: Note that p2,, < 4p2,5 < 8pn41Pn+2:] 

Apply the same method of proof as in Theorem 3.6 to show that there are infinitely many 
primes of the form 6n + 5. 

Find a prime divisor of the integer N = 4(3 -7- 11) — 1 of the form 4n + 3. Do the same 
for N = 4(3-7-11-15)-1. 

Another unanswered question is whether there exists an infinite number of sets of five 
consecutive odd integers of which four are primes. Find five such sets of integers. 

Let the sequence of primes, with 1 adjoined, be denoted by pp = 1, py = 2, pz = 3, 
p3 =5,....Foreachn > 1, itis known that there exists a suitable choice of coefficients 


17. 


18. 


19. 


20. 
21. 


22. 


23. 


24. 
25. 


26. 
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€, = +1 such that 


2n—2 2n—-1 


Pon = Poni t+ >) Pe Pant = 2Pan +), RPE 
k=0 k=0 


To illustrate: 
13 =14+2-3-5+7+411 
and 
WS 2 3 =9 7 Tee l3 


Determine similar representations for the primes 23, 29, 31, and 37. 

In 1848, de Polignac claimed that every odd integer is the sum of a prime and a power of 
2. For example, 55 = 47 + 2? = 23 + 2°. Show that the integers 509 and 877 discredit 
this claim. 

(a) If p isa prime and p { b, prove that in the arithmetic progression 


a,a+b,a+2b,a+3b,... 


every pth term is divisible by p. 
[Hint: Because gcd(p, b) = 1, there exist integers r and s satisfying pr + bs = 1. 
Put ny = kp — as fork = 1,2,... and show that p | (a + nxb).] 
(b) From part (a), conclude that if b is an odd integer, then every other term in the 
indicated progression is even. 
In 1950, it was proved that any integer n > 9 can be written as a sum of distinct odd 
primes. Express the integers 25, 69, 81, and 125 in this fashion. 
If p and p* + 8 are both prime numbers, prove that p* + 4 is also prime. 
(a) For any integer k > 0, establish that the arithmetic progression 


a+b,a+2b,a+3b,... 


where gcd(a, b) = 1, contains k consecutive terms that are composite. 
[Hint: Putn = (a + b)(a + 2b)---(a + kb) and consider the k terms a + (n + 1)b, 
a+(n+2)b,...,.a+(n+k)b.] 

(b) Find five consecutive composite terms in the arithmetic progression 


G11, 21626; 31, 302%. 


Show that 13 is the largest prime that can divide two successive integers of the form 

n? +3. 

(a) The arithmetic mean of the twin primes 5 and 7 is the triangular number 6. Are there 
any other twin primes with a triangular mean? 

(b) The arithmetic mean of the twin primes 3 and 5 is the perfect square 4. Are there any 
other twin primes with a square mean? 

Determine all twin primes p and g = p + 2 for which pg — 2 1s also prime. 

Let p, denote the nth prime. For n > 3, show that 


Pn < Pit Pote++ + Pn-1 


[Hint: Use induction and the Bertrand conjecture. ] 

Verify the following: 

(a) There exist infinitely many primes ending in 33, such as 233, 433, 733, 1033, .... 
[Hint: Apply Dirichlet’s theorem.] 


60 


27. 


28. 


ELEMENTARY NUMBER THEORY 


(b) There exist infinitely many primes that do not belong to any pair of twin primes. 
[Hint: Consider the arithmetic progression 21k + 5 fork = 1,2,....] 

(c) There exists a prime ending in as many consecutive 1’s as desired. 
[Hint: To obtain a prime ending in n consecutive 1’s, consider the arithmetic pro- 
gression 10"k + R, fork = 1,2,....] 

(d) There exist infinitely many primes that contain but do not end in the block of digits 
123456789. 
[Hint: Consider the arithmetic progression 10!!k + 1234567891 for k = 1, 2,....] 

Prove that for every n > 2 there exists a prime p with p <n < 2p. 

[Hint: In the case where n = 2k + 1, then by the Bertrand conjecture there exists a prime 

p such that k < p < 2k.] 

(a) Ifn > 1, show that n! is never a perfect square. 

(b) Find the values of n > 1 for which 


n!+(n+1)!+(1+4+2)! 


is a perfect square. 
[Hint: Note that n! + (n+ 1)! +(n4+ 2)! =n!(n + 2)*.] 


CHAPTER 


A 


THE THEORY OF CONGRUENCES 


Gauss once said “Mathematics is the queen of the sciences and number-theory 
the queen of mathematics.” If this be true we may add that the Disquisitiones 
is the Magna Charta of number-theory. 

M. CANTOR 


4.1 CARL FRIEDRICH GAUSS 


Another approach to divisibility questions is through the arithmetic of remainders, 
or the theory of congruences as it is now commonly known. The concept, and 
the notation that makes it such a powerful tool, was first introduced by the German 
mathematician Carl Friedrich Gauss (1777-1855) in his Disquisitiones Arithmeticae; 
this monumental work, which appeared in 1801 when Gauss was 24 years old, laid 
the foundations of modern number theory. Legend has it that a large part of the 
Disquisitiones Arithmeticae had been submitted as a memoir to the French Academy 
the previous year and had been rejected in a manner that, even if the work had been 
as worthless as the referees believed, would have been inexcusable. (In an attempt 
to lay this defamatory tale to rest, the officers of the academy made an exhaustive 
search of their permanent records in 1935 and concluded that the Disquisitiones was 
never submitted, much less rejected.) “It is really astonishing,” said Kronecker, “to 
think that a single man of such young years was able to bring to light such a wealth 
of results, and above all to present such a profound and well-organized treatment of 
an entirely new discipline.” 
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Car] Friedrich Gauss 
(1777-1855) 


(Dover Publications, Inc.) 


Gauss was one of those remarkable infant prodigies whose natural aptitude for 
mathematics soon became apparent. As a child of age three, according to a well- 
authenticated story, he corrected an error in his father’s payroll calculations. His 
arithmetical powers so overwhelmed his schoolmasters that, by the time Gauss was 
7 years old, they admitted that there was nothing more they could teach the boy. It is 
said that in his first arithmetic class Gauss astonished his teacher by instantly solving 
what was intended to be a “busy work” problem: Find the sum of all the numbers 
from 1 to 100. The young Gauss later confessed to having recognized the pattern 


1+ 100 = 101,2+ 99 = 101,3 + 98 = 101,...,50 +51 = 101 


Because there are 50 pairs of numbers, each of which adds up to 101, the sum of 
all the numbers must be 50- 101 = 5050. This technique provides another way of 
deriving the formula 


n(n + 1) 
eo 
for the sum of the first n positive integers. One need only display the consecutive 
integers 1 through 7 in two rows as follows: 
1 2 3 wen—l an 
non-1l n—-2++- 2 1 


dicts: Dice oor che arpa 


Addition of the vertical columns produces n terms, each of which is equal ton + 1; 
when these terms are added, we get the value n(n + 1). Because the same sum is 
obtained on adding the two rows horizontally, what occurs is the formulan(n + 1) = 
21+2+3+---+n). 

Gauss went on to a succession of triumphs, each new discovery following on 
the heels of a previous one. The problem of constructing regular polygons with only 
“Euclidean tools,” that is to say, with ruler and compass alone, had long been laid 
aside in the belief that the ancients had exhausted all the possible constructions. In 
1796, Gauss showed that the 17-sided regular polygon is so constructible, the first 
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advance in this area since Euclid’s time. Gauss’s doctoral thesis of 1799 provided 
a rigorous proof of the Fundamental Theorem of Algebra, which had been stated 
first by Girard in 1629 and then proved imperfectly by d’ Alembert (1746), and later 
by Euler (1749). The theorem (it asserts that a polynomial equation of degree n has 
exactly n complex roots) was always a favorite of Gauss’s, and he gave, in all, four 
distinct demonstrations of it. The publication of Disquisitiones Arithmeticae in 1801 
at once placed Gauss in the front rank of mathematicians. 

The most extraordinary achievement of Gauss was more in the realm of theo- 
retical astronomy than of mathematics. On the opening night of the 19th century, 
January 1, 1801, the Italian astronomer Piazzi discovered the first of the so-called 
minor planets (planetoids or asteroids), later called Ceres. But after the course of 
this newly found body—visible only by telescope—passed the sun, neither Piazzi 
nor any other astronomer could locate it again. Piazzi’s observations extended over 
a period of 41 days, during which the orbit swept out an angle of only nine degrees. 
From the scanty data available, Gauss was able to calculate the orbit of Ceres with 
amazing accuracy, and the elusive planet was rediscovered at the end of the year in 
almost exactly the position he had forecasted. This success brought Gauss worldwide 
fame, and led to his appointment as director of Gottingen Observatory. 

By the middle of the 19th century, mathematics had grown into an enormous 
and unwieldy structure, divided into a large number of fields in which only the 
specialist knew his way. Gauss was the last complete mathematician, and it is no 
exaggeration to say that he was in some degree connected with nearly every aspect of 
the subject. His contemporaries regarded him as Princeps Mathematicorum (Prince 
of Mathematicians), on a par with Archimedes and Isaac Newton. This is revealed in 
a small incident: On being asked who was the greatest mathematician in Germany, 
Laplace answered, “Why, Pfaff”? When the questioner indicated that he would have 
thought Gauss was, Laplace replied, “Pfaff is by far the greatest in Germany, but 
Gauss is the greatest in all Europe.” 

Although Gauss adorned every branch of mathematics, he always held number 
theory in high esteem and affection. He insisted that, “Mathematics is the Queen of 
the Sciences, and the theory of numbers is the Queen of Mathematics.” 


4.2 BASIC PROPERTIES OF CONGRUENCE 


In the first chapter of Disquisitiones Arithmeticae, Gauss introduces the concept of 
congruence and the notation that makes it such a powerful technique (he explains that 
he was induced to adopt the symbol = because of the close analogy with algebraic 
equality). According to Gauss, “If a number n measures the difference between two 
numbers a and b, then a and b are said to be congruent with respect to n; if not, 
incongruent.” Putting this into the form of a definition, we have Definition 4.1. 


Definition 4.1. Let n be a fixed positive integer. Two integers a and b are said to be 
congruent modulo n, symbolized by 
a = b (mod n) 


if n divides the difference a — b; that is, provided that a — b = kn for some integer k. 
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To fix the idea, consider n = 7. It is routine to check that 
3 = 24 (mod 7) — 31 = 11 (mod 7) — 15 = —64 (mod 7) 


because 3 — 24 = (—3)7, —31 — 11 = (—6)7, and —15 — (—64) = 7-7. When 
n { (a —b), we say that a is incongruent to b modulo n, and in this case we write 
a # b (mod n). For a simple example: 25 ¥ 12 (mod 7), because 7 fails to divide 
25 = 12 = 13. 

It is to be noted that any two integers are congruent modulo 1, whereas two 
integers are congruent modulo 2 when they are both even or both odd. Inasmuch as 
congruence modulo 1 is not particularly interesting, the usual practice is to assume 
thatn > 1. 

Given an integer a, let g and r be its quotient and remainder upon division by 
n, so that 


a=qn+r O<r<n 


Then, by definition of congruence, a = r (mod n). Because there are n choices for 
r, we see that every integer is congruent modulo n to exactly one of the values 
0,1,2,...,n—1; in particular, a = 0 (modn) if and only if n|a. The set of n 
integers 0, 1,2, ..., — 1 is called the set of least nonnegative residues modulo n. 
In general, a collection of n integers a1, a2, ... , Gn iS Said to form a complete set 
of residues (or a complete system of residues) modulo n if every integer is congruent 
modulo n to one and only one of the a;,. To put it another way, a), d2,..., A, are 
congruent modulo n to 0, 1, 2,..., — 1, taken in some order. For instance, 


—12, —4, 11, 13, 22, 82, 91 
constitute a complete set of residues modulo 7; here, we have 
-12=2 -42=3 11=4 13=6 22=1 82=5 91=0 


all modulo 7. An observation of some importance is that any n integers form a 
complete set of residues modulo n if and only if no two of the integers are congruent 
modulo n. We shall need this fact later. 

Our first theorem provides a useful characterization of congruence modulo n in 
terms of remainders upon division by n. 


Theorem 4.1. For arbitrary integers a and b, a = b (mod n) if and only if a and b 
leave the same nonnegative remainder when divided by n. 


Proof. First take a = b (mod n), so that a = b + kn for some integer k. Upon division 
by n, b leaves a certain remainder r; that is, b = gn +r, where 0 < r < n. Therefore, 
a=b+kn=(qnt+r)t+kn=(q+kn+r 


which indicates that a has the same remainder as b. 
On the other hand, suppose we can write a = qin + r and b = qon +r, with the 
same remainder r (0 < r <n). Then 


a—b=(qn+r)—(gant+r)=(q1 — G2)n 


whence n | a — b. In the language of congruences, we have a = b (mod n). 
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Example 4.1. Because the integers —56 and —11 can be expressed in the form 
—56 = (—7)9 +7 —11 =(—2)9+7 


with the same remainder 7, Theorem 4.1 tells us that —56 = —11 (mod 9). Going in 
the other direction, the congruence —31 = 11 (mod 7) implies that —31 and 11 have 
the same remainder when divided by 7; this is clear from the relations 


—31=(—5)7+4 11=1-7+4 


Congruence may be viewed as a generalized form of equality, in the sense that 
its behavior with respect to addition and multiplication is reminiscent of ordinary 
equality. Some of the elementary properties of equality that carry over to congruences 
appear in the next theorem. 


Theorem 4.2. Letn > 1 be fixed and a, b, c,d be arbitrary integers. Then the following 
properties hold: 


(a) a =a (modn). 

(b) If a = b (mod n), then b = a (mod n). 

(c) Ifa =b (modn) and b =c (mod n), then a = c (mod n). 

(d) Ifa = b (modn) andc = d (mod n), thena + c= b+d (modn) and 
ac = bd (mod n). 

(e) Ifa = b (mod n), thena + c =b+c (modn) and ac = bc (mod n). 

(f) If a = b (mod n), then a* = b* (mod n) for any positive integer k. 


Proof. For any integer a, we have a—a =0O-n, so that a =a (modzn). Now if 
a = b (mod n), then a — b = kn for some integer k. Hence, b — a = —(kn) = (—k)n 
and because —k is an integer, this yields property (b). 

Property (c) is slightly less obvious: Suppose that a = b (mod n) and also b = 
c (mod n). Then there exist integers h and k satisfying a — b = hn and b — c = kn. It 
follows that 


a—c=(a—b)+(b-—c)=hn+kn=(h+k)n 


which is a = c (mod 7) in congruence notation. 

In the same vein, if a = b (mod n) and c = d (mod n), then we are assured that 
a —b=k,n andc —d = kgn for some choice of k; and kz. Adding these equations, 
we obtain 


(a+c)—(b+d)=(a—b)+(c-—d) 
=kjn+ kon = (ki + ko)n 


or, as a congruence statement, a + c = b + d (mod n). As regards the second assertion 
of property (d), note that 


ac = (b+ kin) + kon) = bd + (bko + dky + kykon)n 


Because bk2 + dk; + kikn is an integer, this says that ac — bd is divisible by n, 
whence ac = bd (mod n). 

The proof of property (e) is covered by (d) and the fact that c = c (mod 7). Finally, 
we obtain property (f) by making an induction argument. The statement certainly 
holds for k = 1, and we will assume it is true for some fixed k. From (d), we know 
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that a = b (mod n) and a‘ = b‘ (mod n) together imply that aa* = bb‘ (mod n), or 
equivalently at! = b**! (mod n). This is the form the statement should take fork + 1, 
and so the induction step is complete. 


Before going further, we should illustrate that congruences can be a great help 
in Carrying out certain types of computations. 


Example 4.2. Let us endeavor to show that 41 divides 27° — 1. We begin by noting 
that 2> = —9 (mod 41), whence (2°)* = (—9)* (mod 41) by Theorem 4.2(f); in other 
words, 27° = 81 - 81 (mod 41). But 81 = —1 (mod 41), and so 81 - 81 = 1 (mod 41). 
Using parts (b) and (e) of Theorem 4.2, we finally arrive at 


21 = 81> SiS b= 1 — 1: = 0 (mod 41) 
Thus, 41 | 27° — 1, as desired. 


Example 4.3. For another example in the same spirit, suppose that we are asked to 
find the remainder obtained upon dividing the sum 


1! 4+ 2!43!4+41+---+99!+ 100! 


by 12. Without the aid of congruences this would be an awesome calculation. The 
observation that starts us off is that 4! = 24 = 0 (mod 12); thus, fork > 4, 


k!=4!-5-.6---k =0-5-6---k =0 (mod 12) 
In this way, we find that 
1!+2!+3!+4!+---+ 100! 
= 1!+2!+3!+0+-> +0 =9 (mod 12) 


Accordingly, the sum in question leaves a remainder of 9 when divided by 12. 


In Theorem 4.1 we saw that if a = b (mod n), then ca = cb (mod n) for any 
integer c. The converse, however, fails to hold. As an example, perhaps as simple 
as any, note that 2-4 = 2-1 (mod 6), whereas 4 ¥ 1 (mod 6). In brief: One cannot 
unrestrictedly cancel a common factor in the arithmetic of congruences. 

With suitable precautions, cancellation can be allowed; one step in this direction, 
and an important one, is provided by the following theorem. 


Theorem 4.3. If ca = cb (mod n), then a = b (mod n/d), where d = gcd(c, n). 


Proof. By hypothesis, we can write 
c(a —b) =ca—cb=kn 


for some integer k. Knowing that gcd(c, n) = d, there exist relatively prime integers 
r and s satisfying c = dr, n = ds. When these values are substituted in the displayed 
equation and the common factor d canceled, the net result is 


r(a—b)=ks 


Hence, s | r(a — b) and gcd(r, s) = 1. Euclid’s lemma yields s | a — b, which may be 
recast as a = b (mod s); in other words, a = b (mod n/d). 
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Theorem 4.3 gets its maximum force when the requirement that gcd(c, n) = 1 is 
added, for then the cancellation may be accomplished without a change in modulus. 


Corollary 1. If ca = cb (mod n) and gcd(c, n) = 1, thena = b (mod n). 


We take a moment to record a special case of Corollary 1 that we shall have 
frequent occasion to use, namely, Corollary 2. 


Corollary 2. If ca = cb (mod p) and p Jc, where p is a prime number, then 
a = b (mod p). 


Proof. The conditions p jc and p a prime imply that gcd(c, p) = 1. 


Example 4.4. Consider the congruence 33 = 15 (mod9) or, if one prefers, 
3-11 =3-5(mod 9). Because gcd(3, 9) = 3, Theorem 4.3 leads to the conclusion that 
11 = 5 (mod 3). A further illustration is given by the congruence —35 = 45 (mod 8), 
which is the same as 5 - (—7) = 5 - 9 (mod 8). The integers 5 and 8 being relatively 
prime, we may cancel the factor 5 to obtain a correct congruence —7 = 9 (mod 8). 


Let us call attention to the fact that, in Theorem 4.3, it is unnecessary to stipulate 
that c = 0 (mod n). Indeed, if c = 0 (mod n), then gcd(c, n) = n and the conclusion 
of the theorem would state that a = b (mod 1); but, as we remarked earlier, this 
holds trivially for all integers a and b. 

There is another curious situation that can arise with congruences: The product 
of two integers, neither of which is congruent to zero, may turn out to be congruent to 
zero. For instance, 4 - 3 = 0(mod 12), but4 4 0(mod 12) and3 4 O(mod 12). Itisa 
simple matter to show thatifab = 0 (mod n) and gcd(a, n) = 1, thenb = 0 (mod n): 
Corollary 1 permits us legitimately to cancel the factor a from both sides of the 
congruence ab = a- (0 (mod n). A variation on this is that when ab = 0 (mod p), 
with p a prime, then either a = 0 (mod p) or b = 0 (mod p). 


PROBLEMS 4.2 


1. Prove each of the following assertions: 
(a) If a = b (mod n) and m |n, then a = b (mod m). 
(b) If a = b (modn) andc > 0, then ca = cb (mod cn). 
(c) Ifa = b (mod n) and the integers a, b, n are all divisible by d > 0, then 
a/d = b/d (modn/d). 
2. Give an example to show that a 
(mod n). 
. Ifa = b (mod n), prove that gcd(a,n) = gcd(b, n). 
. (a) Find the remainders when 2°° and 41®© are divided by 7. 
(b) What is the remainder when the following sum is divided by 4? 


{oF hae eo a OO TODS 


5. Prove that the integer 53! + 103°? is divisible by 39, and that 111373 + 333!!! is divis- 
ible by 7. 


*=b? (modn) need not imply that a=b 


& WwW 
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10. 


11. 


12. 


13. 


14. 


15. 


16. 


17. 


18. 
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. For n > 1, use congruence theory to establish each of the following divisibility 


statements: 

CV Ol nie ea aac 
(b) 13 | ant2 + gant 
(c) 27 | gsnt+1 a grt. 
(d) 43 | grt2 dle qantl, 


. Forn > 1, show that 


(—13)"*! = (—13)" + (—13)""! (mod 181) 


[Hint: Notice that (—13)* = —13 + 1 (mod 181); use induction on n.] 


. Prove the assertions below: 


(a) If a is an odd integer, then a* = 1 (mod 8). 

(b) For any integer a, a> = 0, 1, or 6 (mod 7). 

(c) For any integer a, a* = 0 or 1 (mod 5). 

(d) If the integer a is not divisible by 2 or 3, then a* = 1 (mod 24). 


. If p is a prime satisfying n < p < 2n, show that 


2n 
( ) = 0 (mod p) 
n 


If a}, dz, ..., A, is a complete set of residues modulo n and gcd(a, n) = 1, prove that 
aaj, aa2,..., Aa, 1s also a complete set of residues modulo n. 

[Hint: It suffices to show that the numbers in question are incongruent modulo n.] 
Verify that 0, 1, 2, 27, 2?,...,2° form a complete set of residues modulo 11, but that 
0, 17, 27, 3, ..., 10* do not. 

Prove the following statements: 

(a) If gcd(a, n) = 1, then the integers 


c,c+a,c+2a,c+3a,...,c+nm— la 


form a complete set of residues modulo n for any c. 
(b) Any n consecutive integers form a complete set of residues modulo n. 

[Hint: Use part (a).] 
(c) The product of any set of n consecutive integers is divisible by n. 
Verify that ifa = b (mod n,) anda = b (mod nz), thena = b (mod n), where the integer 
n = Icm(n1, nz). Hence, whenever n, and nz are relatively prime, a = b (mod n1n2). 
Give an example to show that a* = b* (mod n) and k = j (mod n) need not imply that 
ai = b/ (mod n). 
Establish that if a is an odd integer, then for any n > 1 


a” = 1 (mod 2"+?) 


[Hint: Proceed by induction on n.] 
Use the theory of congruences to verify that 


89|2"—-1 and 97/2" —1 


Prove that whenever ab = cd (modn) and b=d (modzn), with gcd(b,n) = 1, then 
a=c(modn). 

If a = b (mod n}) and a = c (mod npg), prove that b =c (modn), where the integer 
n = gced(ny, n2). 
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4.33. BINARY AND DECIMAL REPRESENTATIONS OF INTEGERS 


One of the more interesting applications of congruence theory involves finding 
special criteria under which a given integer is divisible by another integer. At their 
heart, these divisibility tests depend on the notational system used to assign “names” 
to integers and, more particularly, to the fact that 10 is taken as the base for our number 
system. Let us, therefore, start by showing that, given an integer b > 1, any positive 
integer N can be written uniquely in terms of powers of b as 


N = amb™ + Qm_jo" | +--+» +anb* +a;b + a9 


where the coefficients a, can take on the b different values 0, 1,2,...,b— 1. For 
the Division Algorithm yields integers q; and dp satisfying 


N=qb+a 0<a <b 
If gq; > b, we can divide once more, obtaining 
1 = gqb+a, O<a, <b 
Now substitute for q; in the earlier equation to get 
N = (gob +.a1)b +. ap = gob? +. ajb +. ag 


As long as q2 > b, we can continue in the same fashion. Going one more step: 
g2 = q3b + az, where 0 < ay < b; hence 


N= q3b° + ayb” = a,b + ao 


Because N > qi > q2 > --- => 0 is a Strictly decreasing sequence of integers, this 
process must eventually terminate, say, at the (m — 1)th stage, where 


m—1 = md + Am-1 0<an_1 <b 
and 0 < qm < b. Setting dm = dm, we reach the representation 
N = amb" + am—1b™ | +++» + ab + a9 
which was our aim. 
To show uniqueness, let us suppose that NV has two distinct representations, say, 
N = amb” +---+ajb +a) =Cmb" +---+c1b + ¢9 


with 0 < a; < b for eachi and 0 < c; < b for each j (we can use the same m by 
simply adding terms with coefficients a; = 0 or c; = 0, if necessary). Subtracting 
the second representation from the first gives the equation 


0O=d,b" +---+d\b+d 


where d; = a; — c; fori = 0, 1,...,m. Because the two representations for N are 
assumed to be different, we must have d; 4 0 for some value of i. Take k to be the 
smallest subscript for which d, ~ 0. Then 


0 = dnb” +-+-+ dpb} a d,.b* 
and so, after dividing by b*, 
dy = —b(dmb™*! + ++ + devs) 
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This tells us that b | d,. Now the inequalities 0 < a, < b and 0 < c; < b lead us to 
—b < ay — cy < b, or | d, | < b. The only way of reconciling the conditions b | dx 
and | d, | < b is to have d, = 0, which is impossible. From this contradiction, we 
conclude that the representation of N is unique. 

The essential feature in all of this is that the integer V is completely determined 
by the ordered array a, @Qm_1,..-, @1, ao of coefficients, with the plus signs and the 
powers of b being superfluous. Thus, the number 


N = ab" 4a, 2jb" A ah? ab ay 
may be replaced by the simpler symbol 
N = (GmQm-1 +++ 4241A0)p 


(the right-hand side is not to be interpreted as a product, but only as an abbreviation 
for N). We call this the base b place-value notation for N. 

Small values of b give rise to lengthy representation of numbers, but have the 
advantage of requiring fewer choices for coefficients. The simplest case occurs when 
the base b = 2, and the resulting system of enumeration is called the binary number 
system (from the Latin binarius, two). The fact that when a number is written in the 
binary system only the integers 0 and 1 can appear as coefficients means that every 
positive integer is expressible in exactly one way as a sum of distinct powers of 2. 
For example, the integer 105 can be written as 


105 or 8 I 0 
Ea a Jae ag) | 


or, in abbreviated form, 
105 = (1101001) 
In the other direction, (1001111) translates into 
1-2°+0-2°+0-244+1-274+1-2?41-2+1=79 


The binary system is most convenient for use in modern electronic computing ma- 
chines, because binary numbers are represented by strings of zeros and ones; 0 and 
1 can be expressed in the machine by a switch (or a similar electronic device) being 
either on or off. 

We shall frequently wish to calculate the value of a* (mod n) when k is large. 
Is there a more efficient way of obtaining the least positive residue than multiplying 
a by itself k times before reducing modulo n? One such procedure, called the binary 
exponential algorithm, relies on successive squarings, with a reduction modulo n 
after each squaring. More specifically, the exponent k is written in binary form, as 
k = (GmQm—1 ...@2Q\dg)2, and the values a?’ (mod n) are calculated for the powers 
of 2, which correspond to the 1’s in the binary representation. These partial results 
are then multiplied together to give the final answer. 

An illustration should make this process clear. 
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Example 4.5. To calculate 5!!° (mod 131), first note that the exponent 110 can be 
expressed in binary form as 


110 = 64+ 32+8+4+2 = (1101110). 


Thus, we obtain the powers 5?’ (mod 131) forO < j < 6 by repeatedly squaring while 
at each stage reducing each result modulo 131: 


52= 25 (mod131) 5/6 
54=101 (mod131) 5” 
58 = 114 (mod131) 5% 


27 (mod 131) 
74 (mod 131) 
105 (mod 131) 


When the appropriate partial results—those corresponding to the 1’s in the binary 
expansion of 110—are multiplied, we see that 


5110 — 5644+32+8+4+2 
=— 504 . 532.58. 54. 52 
= 105-74-114-101-25=60 (mod131) 


As aminor variation of the procedure, one might calculate, modulo 131, the powers 
5, 5°,,57,5°, 5257, 5°; 5°? to arrive at 


5110 — 59% 512.52 = 41 .117-25=60 (mod131) 


which would require two fewer multiplications. 


We ordinarily record numbers in the decimal system of notation, where b = 10, 
omitting the 10-subscript that specifies the base. For instance, the symbol 1492 
stands for the more awkward expression 


D104 107 8:10 


The integers 1, 4, 9, and 2 are called the digits of the given number, 1 being the 
thousands digit, 4 the hundreds digit, 9 the tens digit, and 2 the units digit. In 
technical language we refer to the representation of the positive integers as sums of 
powers of 10, with coefficients at most 9, as their decimal representation (from the 
Latin decem, ten). 

We are about ready to derive criteria for determining whether an integer is 
divisible by 9 or 11, without performing the actual division. For this, we need a result 
having to do with congruences involving polynomials with integral coefficients. 


Theorem 4.4. Let P(x) = )\7.)cx* be a polynomial function of x with integral 
coefficients c,. If a = b (mod n), then P(a) = P(b) (mod n). 


Proof. Because a = b (modzn), part (f) of Theorem 4.2 can be applied to give 
a‘ = b‘ (modn) fork = 0, 1,...,m. Therefore, 


cya* = cyb* (mod n) 


for all such k. Adding these m + 1 congruences, we conclude that 


m m 
De cya* = se cyb* (mod n) 
k=0 k=0 


or, in different notation, P(a) = P(b) (mod n). 
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If P(x) is a polynomial with integral coefficients, we say that a is a solution of 
the congruence P(x) = 0 (mod n) if P(a) = 0 (mod n). 


Corollary. Ifa is a solution of P(x) = 0 (mod n) and a = b (mod n), then D also is a 
solution. 


Proof. From the last theorem, it is known that P(a) = P(b) (mod n). Hence, if a is a 
solution of P(x) = 0 (mod n), then P(b) = P(a) = 0 (mod n), making b a solution. 


One divisibility test that we have in mind is this. A positive integer is divisible 
by 9 if and only if the sum of the digits in its decimal representation is divisible by 9. 


Theorem 4.5. Let N = a,10” + dm_—110"~! + --- +a ,10 + ao be the decimal ex- 
pansion of the positive integer V, 0 < a, < 10, and let S = ap + aj + --- + a,. Then 
9|N if and only if 9| S. 


Proof. Consider P(x) = )°7"_9 axx*, a polynomial with integral coefficients. The key 
observation is that 10 = 1 (mod 9), whence by Theorem 4.4, P(10) = P(1) (mod 9). 
But P(10) = N and P(1) = a9 + a, +--- +a = S, so that N = S (mod 9). It fol- 
lows that N = 0 (mod 9) if and only if S = 0 (mod 9), which is what we wanted to 
prove. 


Theorem 4.4 also serves as the basis for a well-known test for divisibility by 11: 
an integer is divisible by 11 if and only if the alternating sum of its digits is divisible 
by 11. We state this more precisely by Theorem 4.6. 


Theorem 4.6. Let N =a,,10" + a,_,10"-!+---+a,10+ a9 be the decimal 
expansion of the positive integer N,0 < q < 10, and let T =a) —a, +a) —--- 
+ (—1)"a,,. Then 11| N if and only if 11|T. 


Proof. As in the proof of Theorem 4.5, put P(x) = )-7.) axx*. Because 10 = —1 
(mod 11), we get P(10) = P(—1) (mod 11). But P(10) = N, whereas P(—1) = 
ag — ay + ay —---+(—1)”"a,, = T, so that N = T (mod 11). The implication is that 
either both N and T are divisible by 11 or neither is divisible by 11. 


Example 4.6. To see an illustration of the last two results, consider the integer 
N = 1,571,724. Because the sum 


boa Tele Te a 27 


is divisible by 9, Theorem 4.5 guarantees that 9 divides N. It also can be divided by 
11; for, the alternating sum 


f= 29 Lea LS LI 
is divisible by 11. 


Congruence theory is frequently used to append an extra check digit to iden- 
tification numbers, in order to recognize transmission errors or forgeries. Personal 
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identification numbers of some kind appear on passports, credit cards, bank accounts, 
and a variety of other settings. 

Some banks use an eight-digit identification number aja2 ...ag together with 
a final check digit dg. The check digit is usually obtained by multiplying the digits 
a;(1 <i < 8) by certain “weights” and calculating the sum of the weighted products 
modulo 10. For instance, the check digit might be chosen to satisfy 


ag = Ta, + 3a2 + 9a3 + Ta4 + 3a5 + 9ag + Taz + 3ag (mod 10) 
The identification number 81504216 would then have check digit 
dg =7-8+3-14+9-54+7-04+3-449-24+7-14+3-6=9 (mod10) 


so that 815042169 would be printed on the check. 

This weighting scheme for assigning check digits detects any single-digit error 
in the identification number. For suppose that the digit a; is replaced by a different 
a. By the manner in which the check digit is calculated, the difference between the 
correct dg and the new ag is 


dg — dg = k(a; — a;) (mod 10) 


where kis 7, 3, or 9 depending on the position of a;. Because k(a; — a;) # 0 (mod 10), 
it follows that ag # ag and the error is apparent. Thus, if the valid number 81504216 
were incorrectly entered as 81504316 into a computer programmed to calculate 
check digits, an 8 would come up rather than the expected 9. 

The modulo 10 approach is not entirely effective, for it does not always detect 
the common error of transposing distinct adjacent entries a and b within the string 
of digits. To illustrate: the identification numbers 81504216 and 81504261 have 
the same check digit 9 when our example weights are used. (The problem occurs 
when |a — b| = 5.) More sophisticated methods are available, with larger moduli 
and different weights, that would prevent this possible error. 


PROBLEMS 4.3 


1. Use the binary exponentiation algorithm to compute both 19°? (mod 503) and 14147 
(mod 1537). 

2. Prove the following statements: 
(a) For any integer a, the units digit of a” is 0, 1, 4, 5, 6, or 9. 
(b) Any one of the integers 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 can occur as the units digit of a. 
(c) For any integer a, the units digit of a* is 0, 1, 5, or 6. 
(d) The units digit of a triangular number is 0, 1, 3, 5, 6, or 8. 

3. Find the last two digits of the number 9, 
[Hint: 9° = 9 (mod 10); hence, 9° = 99*!%: notice that 9? = 89 (mod100).] 

4. Without performing the divisions, determine whether the integers 176521221 and 
149235678 are divisible by 9 or 11. 

5. (a) Obtain the following generalization of Theorem 4.6: If the integer N is represented 

in the base b by 


N =amb™+---+@b*+ab+a9 OK<a,<b-1 
then b — 1| N if and only if b—1|(a, +---+a2 +a, + ao). 
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(b) Give criteria for the divisibility of N by 3 and 8 that depend on the digits of N when 
written in the base 9. 
(c) Is the integer (447836)o divisible by 3 and 8? 


. Working modulo 9 or 11, find the missing digits in the calculations below: 


(a) 51840 - 273581 = 1418243x040. 
(b) 2x99561 = [3(523 + x)]?. 

(c) 2784x = x - 5569. 

(d) 512 - 1x53125 = 1000000000. 


. Establish the following divisibility criteria: 


(a) An integer is divisible by 2 if and only if its units digit is 0, 2, 4, 6, or 8. 

(b) An integer is divisible by 3 if and only if the sum of its digits is divisible by 3. 

(c) An integer is divisible by 4 if and only if the number formed by its tens and units 
digits is divisible by 4. 
[Hint: 10 = 0 (mod 4) fork > 2.] 

(d) An integer is divisible by 5 if and only if its units digit is 0 or 5. 


. For any integer a, show that a* — a +7 ends in one of the digits 3, 7, or 9. 
. Find the remainder when 44444 is divided by 9. 


[Hint: Observe that 2? = —1 (mod 9).] 


. Prove that no integer whose digits add up to 15 can be a square or a cube. 


[Hint: For any a, a? = 0, 1, or 8 (mod 9).] 


. Assuming that 495 divides 273x49y5, obtain the digits x and y. 
. Determine the last three digits of the number 


7999. 
[Hint: 7” = (1 + 400)" = 1 + 400n (mod 1000).] 


. If ¢, denotes the nth triangular number, show that t,, 42; = t, (mod k); hence, t, and t,+29 


must have the same last digit. 


. For any n > 1, prove that there exists a prime with at least n of its digits equal to 0. 


[Hint: Consider the arithmetic progression 10"*'k + 1 fork = 1,2,....] 


. Find the values of n > 1 for which 1! + 2!+ 3!+.----+ n! 1s a perfect square. 


[Hint: Problem 2(a).] 

Show that 2” divides an integer N if and only if 2” divides the number made up of the 
last n digits of N. 

[Hint: 10 = 2*5* = 0 (mod 2”) for k > n.] 

Let N = a,10" + --- +a 210? + .a;10 + ao, where 0 < a; < 9, be the decimal expan- 
sion of a positive integer NV. 

(a) Prove that 7, 11, and 13 all divide N if and only if 7, 11, and 13 divide the integer 


M = (100a2 + 10a; + ap) — (100as5 + 10a, + a3) 
+ (100ag + 10a7 + dg) —--- 


[Hint: If n is even, then 10°” = 1, 102"+! = 10, 10°”+? = 100 (mod 1001); if n is 
odd, then 10°” = —1, 10°”+! = —10, 10°"*? = —100 (mod 1001).] 
(b) Prove that 6 divides N if and only if 6 divides the integer 


M = ao + 4a; + 4a2 +--+ + 4ay, 


Without performing the divisions, determine whether the integer 1010908899 is divisible 

by 7, 11, and 13. 

(a) Given an integer N, let M be the integer formed by reversing the order of the digits 
of N (for example, if N = 6923, then M = 3296). Verify that N — M is divisible 
by 9. 


20. 
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(b) A palindrome is a number that reads the same backward as forward (for instance, 
373 and 521125 are palindromes). Prove that any palindrome with an even number 
of digits is divisible by 11. 

Given a repunit R,,, show that 

(a) 9| R, if and only if 9 |x. 

(b) 11| R, if and only if n is even. 


21. Factor the repunit Rg = 111111 into a product of primes. 


22. 


23. 


24. 


25. 
26. 


27. 


28. 


[Hint: Problem 17(a).] 
Explain why the following curious calculations hold: 


bo 2= 11 
12 3 = 
123-9+ 4=1111 
1234-9+ 5=11111 
12345-9+ 6=111111 
123456-9+ 7= 1111111 
1234567-9+ 8= 11111111 
12345678 -9+ 9= 111111111 
123456789 -9 + 10 = 1111111111 


[Hint: Show that 


(10"-! + 2. 10"-2 + 3-10"-3 +---- +n)(10— 1) 
107+! eens | 


t(n+1)= = 


An old and somewhat illegible invoice shows that 72 canned hams were purchased for 
$x 67.9y. Find the missing digits. 

If 792 divides the integer 13xy 45z, find the digits x, y, and z. 

[Hint: By Problem 17, 8 | 45z.] 

For any prime p > 3, prove that 13 divides 10°? — 10? + 1. 

Consider the eight-digit bank identification number a,a2 ...ag, which is followed by a 
ninth check digit a9 chosen to satisfy the congruence 


ag = Ta, + 3a2 + 9a3 + Tag + 3a5 + 9ag + 7a7 + 3ag (mod 10) 


(a) Obtain the check digits that should be appended to the two numbers 55382006 and 
81372439. 

(b) The bank identification number 2374418538 has an illegible fourth digit. Determine 
the value of the obscured digit. 

The International Standard Book Number (ISBN) used in many libraries consists of nine 

digits aja2 ...dg followed by a tenth check digit ajo, which satisfies 


9 
ayo = )_ ka, (mod 11) 
k=1 

Determine whether each of the ISBNs below is correct: 
(a) 0-07-232569-0 (United States). 
(b) 91-7643-497-5 (Sweden). 
(c) 1-56947-303-10 (England). 
When printing the ISBN a,a2...da9, two unequal digits were transposed. Show that the 
check digits detected this error. 
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4.4 LINEAR CONGRUENCES AND THE CHINESE 
REMAINDER THEOREM 


This is a convenient place in our development of number theory at which to inves- 
tigate the theory of linear congruences: an equation of the form ax = b (mod n) 
is called a linear congruence, and by a solution of such an equation we mean an 
integer x9 for which axp = b (mod n). By definition, axo = b (mod n) if and only 
if n |axo — b or, what amounts to the same thing, if and only if axg — b = nyo for 
some integer yo. Thus, the problem of finding all integers that will satisfy the lin- 
ear congruence ax = b (mod n) is identical with that of obtaining all solutions of 
the linear Diophantine equation ax — ny = b. This allows us to bring the results of 
Chapter 2 into play. 

It is convenient to treat two solutions of ax = b (mod n) that are congruent 
modulo n as being “equal” even though they are not equal in the usual sense. For 
instance, x = 3 and x = —9 both satisfy the congruence 3x = 9 (mod 12); because 
3 = —9(mod 12), they are not counted as different solutions. In short: When we refer 
to the number of solutions of ax = b (mod n), we mean the number of incongruent 
integers satisfying this congruence. 

With these remarks in mind, the principal result is easy to state. 


Theorem 4.7. The linear congruence ax = b (mod n) has a solution if and only if d | b, 
where d = gcd(a, n). If d |b, then it has d mutually incongruent solutions modulo n. 


Proof. We already have observed that the given congruence is equivalent to the linear 
Diophantine equation ax — ny = b. From Theorem 2.9, it is known that the latter 
equation can be solved if and only if d | b; moreover, if it is solvable and xo, yo is one 
specific solution, then any other solution has the form 


=xo+-t y=yt-—t 
yt 6 = = = 
0 J Y0 ] 


for some choice of f. 
Among the various integers satisfying the first of these formulas, consider those 


that occur when ¢ takes on the successive values t = 0,1,2,...,d —1: 
i n o 2n re (d —1)n 
x0, x —,x ees —. 
O40 Fe e0or 0 A 


We claim that these integers are incongruent modulo n, and all other such integers x 
are congruent to some one of them. If it happened that 


where 0 < tf; < f2 < d — 1, then we would have 


if =p ned a) 
Fe asa ret 


Now gcd(n/d,n) = n/d, and therefore by Theorem 4.3 the factor n/d could be can- 
celed to arrive at the congruence 


t) = ft) (mod d) 
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which is to say that d|t —t,. But this is impossible in view of the inequality 
0<t-t <d. 

It remains to argue that any other solution xp + (n/d)t is congruent modulo n to 
one of the d integers listed above. The Division Algorithm permits us to write ¢ as 
t = qd +r, where 0 <r <d -—1. Hence 


xo + —t =x + —(qd+1r) 
=X n r 
0 q ] 


=Xjo+ sr (mod n) 


with xp + (n/d)r being one of our d selected solutions. This ends the proof. 


The argument that we gave in Theorem 4.7 brings out a point worth stating ex- 
plicitly: If xo is any solution of ax = b (mod n), then thed = gcd(a, n) incongruent 
solutions are given by 


xo, x0+5,%0+2(5),...,x0+@-1)(4) 


For the reader’s convenience, let us also record the form Theorem 4.7 takes in 
the special case in which a and n are assumed to be relatively prime. 


Corollary. If gcd(a, n) = 1, then the linear congruence ax = b (mod n) has a unique 
solution modulo n. 


Given relatively prime integers a and n, the congruence ax = 1 (mod n) has a 
unique solution. This solution is sometimes called the (multiplicative) inverse of a 
modulo n. 

We now pause to look at two concrete examples. 


Example 4.7. First consider the linear congruence 18x = 30 (mod 42). Because 
gcd(18, 42) = 6 and 6 surely divides 30, Theorem 4.7 guarantees the existence of 
exactly six solutions, which are incongruent modulo 42. By inspection, one solution 
is found to be x = 4. Our analysis tells us that the six solutions are as follows: 


x =4+4 (42/6)t = 4+ 7t (mod 42) PaO eek S 
or, plainly enumerated, 


x = 4, 11, 18, 25, 32, 39 (mod 42) 


Example 4.8. Let us solve the linear congruence 9x = 21 (mod 30). At the out- 
set, because gcd(9, 30) = 3 and 3 | 21, we know that there must be three incongruent 
solutions. 

One way to find these solutions is to divide the given congruence through by 
3, thereby replacing it by the equivalent congruence 3x = 7 (mod 10). The relative 
primeness of 3 and 10 implies that the latter congruence admits a unique solution 
modulo 10. Although it is not the most efficient method, we could test the integers 
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0, 1, 2,...,9 in turn until the solution is obtained. A better way is this: Multiply both 
sides of the congruence 3x = 7 (mod 10) by 7 to get 


21x = 49 (mod 10) 


which reduces to x = 9 (mod 10). (This simplification is no accident, for the multiples 
0-3, 1-3,2-3,...,9-3 form a complete set of residues modulo 10; hence, one 
of them is necessarily congruent to 1 modulo 10.) But the original congruence was 
given modulo 30, so that its incongruent solutions are sought among the integers 0, 1, 
2,..., 29. Taking t = 0, 1, 2, in the formula 


x =9+4 10t 
we obtain 9, 19, 29, whence 
x = 9 (mod 30) x = 19 (mod 30) x = 29 (mod 30) 


are the required three solutions of 9x = 21 (mod 30). 

A different approach to the problem is to use the method that is suggested in the 
proof of Theorem 4.7. Because the congruence 9x = 21(mod 30) is equivalent to the 
linear Diophantine equation 


9x — 30y = 21 


we begin by expressing 3 = gcd(9, 30) as a linear combination of 9 and 30. It is found, 
either by inspection or by using the Euclidean Algorithm, that 3 = 9(—3) + 30-1, so 
that 


21 = 7-3 = 9-21) = 30(-7) 


Thus, x = —21, y = —7 satisfy the Diophantine equation and, in consequence, all 
solutions of the congruence in question are to be found from the formula 


x = —21 + (30/3)t = —21 + 101 


The integers x = —21 + 10t, where t = 0, 1, 2, are incongruent modulo 30 (but all are 
congruent modulo 10); thus, we end up with the incongruent solutions 


= —21 (mod 30) = —11 (mod 30) = —1 (mod 30) 


or, if one prefers positive numbers, x = 9, 19, 29 (mod 30). 


Having considered a single linear congruence, it is natural to turn to the problem 


of solving a system of simultaneous linear congruences: 


a,x = b; (mod m)), aox = b2 (mod m2), ..., a-x = b, (mod m,) 


We shall assume that the moduli m, are relatively prime in pairs. Evidently, the 
system will admit no solution unless each individual congruence is solvable; that 
is, unless d, | by for each k, where d, = gcd(ax, my). When these conditions are 
satisfied, the factor d, can be canceled in the kth congruence to produce a new 
system having the same set of solutions as the original one: 


a,x = b) (mod nj), ax = b5 (mod np), ..., a,x = bi. (mod n,) 
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where n, = m;/d, and gcd(n;,n;) = 1 fori ¥ j; in addition, gcd(a},n;) = 1. The 
solutions of the individual congruences assume the form 


xX =c; (mod n)), x = c2 (mod np), ..., x =, (mod n,) 


Thus, the problem is reduced to one of finding a simultaneous solution of a system 
of congruences of this simpler type. 

The kind of problem that can be solved by simultaneous congruences has a 
long history, appearing in the Chinese literature as early as the lst century A.D. 
Sun-Tsu asked: Find a number that leaves the remainders 2, 3, 2 when divided by 
3,5, 7, respectively. (Such mathematical puzzles are by no means confined to a single 
cultural sphere; indeed, the same problem occurs in the Introductio Arithmeticae 
of the Greek mathematician Nicomachus, circa 100 A.D.) In honor of their early 
contributions, the rule for obtaining a solution usually goes by the name of the 
Chinese Remainder Theorem. 


Theorem 4.8 Chinese Remainder Theorem. Letn,, 12, ...,”, be positive integers 
such that gcd(n;,n;) = 1 fori # j. Then the system of linear congruences 

x =a, (mod n}) 

Xx = a2 (mod nz) 


x =a, (mod n,) 


has a simultaneous solution, which is unique modulo the integer n,n2---n,. 


Proof. We start by forming the product n = njn2---n,;. For eachk = 1,2,...,r, let 

n 

Nx =—=Nn\ so Ng-{Nk4+1 oy 

Nk 
In words, N; is the product of all the integers n; with the factor n, omitted. By hy- 
pothesis, the n; are relatively prime in pairs, so that gcd(N;, n,) = 1. According to the 
theory of a single linear congruence, it is therefore possible to solve the congruence 
N,x = 1 (mod nx); call the unique solution x;. Our aim is to prove that the integer 


X = a,N, x1 + a2N2x2 +--+ + .a,N;x; 


is a Simultaneous solution of the given system. 
First, observe that N; = 0 (mod n;) for i 4 k, because n,; | N; in this case. The 
result is 


X = a,Nix,+---+a,N,x, = a,Nyxx (mod nz) 


But the integer x, was chosen to satisfy the congruence N,x = 1 (mod n;,;), which 
forces 


X¥=aq,-1=aq; (mod n;) 


This shows that a solution to the given system of congruences exists. 
As for the uniqueness assertion, suppose that x’ is any other integer that satisfies 
these congruences. Then 


X =a, = x’ (mod nz) | inl a a 
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and so nx, |x —x’ for each value of k. Because gcd(n;,n;) = 1, Corollary 2 to 
Theorem 2.4 supplies us with the crucial point that njn2---n, |x — x’; hence 
xX = x’ (mod n). With this, the Chinese Remainder Theorem is proven. 


Example 4.9. The problem posed by Sun-Tsu corresponds to the system of three 
congruences 


x = 2 (mod 3) 
x = 3 (mod 5) 
x = 2 (mod 7) 
In the notation of Theorem 4.8, we haven = 3-5-7 = 105 and 
N= 5 =35 NS Ny => =15 


Now the linear congruences 
35x = 1 (mod 3) 21x = 1 (mod 5) 15x = 1 (mod 7) 


are satisfied by x; = 2, x2 = 1, x3 = 1, respectively. Thus, a solution of the system is 
given by 


e32+3522 321-14 221521 = 233 
Modulo 105, we get the unique solution x = 233 = 23 (mod 105). 


Example 4.10. For a second illustration, let us solve the linear congruence 
17x = 9 (mod 276) 


Because 276 = 3 -4- 23, this is equivalent to finding a solution for the system of 
congruences 


17x = 9 (mod 3) or x = 0 (mod 3) 
17x = 9 (mod 4) x = 1 (mod 4) 
17x = 9 (mod 23) 17x = 9 (mod 23) 


Note that if x = 0 (mod 3), then x = 3k for any integer k. We substitute into the second 
congruence of the system and obtain 


3k = 1 (mod 4) 
Multiplication of both sides of this congruence by 3 gives us 
k = 9k = 3 (mod 4) 
so that k = 3 + 4), where j is an integer. Then 
x=36+4j)=9+12j 
For x to satisfy the last congruence, we must have 
179 + 127) = 9 (mod 23) 


or 2047 = —144 (mod 23), which reduces to 3 = 6 (mod 23); in consequence, j = 2 
(mod 23). This yields j = 2 + 23t, with ¢ an integer, whence 


x =9+12(2 + 23t) = 33 + 276t 
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All in all, x = 33 (mod 276) provides a solution to the system of congruences and, in 
turn, a solution to 17x = 9 (mod 276). 


We should say a few words about linear congruences in two variables; that is, 
congruences of the form 
ax + by =c (mod n) 
In analogy with Theorem 4.7, such a congruence has a solution if and only if 
gcd(a, b, n) divides c. The condition for solvability holds if either gcd(a, n) = 1 
or gcd(b, n) = 1. Say gcd(a, n) = 1. When the congruence is expressed as 
ax =c — by (modn) 


the corollary to Theorem 4.7 guarantees a unique solution x for each of the 
n incongruent values of y. Take as a simple illustration 7x + 4y = 5 (mod 12), 
that would be treated as 7x = 5 — 4y (mod 12). Substitution of y = 5 (mod 12) 
gives 7x = —15 (mod 12); but this is equivalent to —5x = —15 (mod 12) so that 
x = 3 (mod 12). It follows that x = 3 (mod 12), y = 5 (mod 12) is one of the 12 
incongruent solutions of 7x + 4y = 5 (mod 12). Another solution having the same 
value of x is x = 3 (mod 12), y = 8 (mod 12). 

The focus of our concern here is how to solve a system of two linear congruences 
in two variables with the same modulus. The proof of the coming theorem adopts 
the familiar procedure of eliminating one of the unknowns. 


Theorem 4.9. The system of linear congruences 
ax + by =r (mod n) 
cx + dy =s (mod n) 


has a unique solution modulo n whenever gcd(ad — bc, n) = 1. 


Proof. Let us multiply the first congruence of the system by d, the second congruence 
by b, and subtract the lower result from the upper. These calculations yield 


(ad — bc)x = dr — bs (mod n) (1) 
The assumption gcd(ad — bc, n) = 1 ensures that the congruence 
(ad — bc)z = 1 (mod n) 


posseses a unique solution; denote the solution by t. When congruence (1) is multiplied 
by t, we obtain 


x = t(dr — bs) (mod n) 


A value for y is found by a similar elimination process. That is, multiply the first 
congruence of the system by c, the second one by a, and subtract to end up with 


(ad — bc)y = as — cr (mod n) (2) 
Multiplication of this congruence by ¢ leads to 
y = t(as — cr) (mod n) 


A solution of the system is now established. 


We close this section with an example illustrating Theorem 4.9. 
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Example 4.11. Consider the system 


7x + 3y = 10 (mod 16) 
2x + 5y = 9 (mod 16) 


Because gced(7 - 5 — 2-3, 16) = gcd(29, 16) = 1, a solution exists. It is obtained by 
the method developed in the proof of Theorem 4.9. Multiplying the first congruence 
by 5, the second one by 3, and subtracting, we arrive at 


29x =5-10—3-9 = 23 (mod 16) 


or, what is the same thing, 13x = 7 (mod 16). Multiplication of this congruence by 5 
(noting that 5 - 13 = 1 (mod 16)) produces x = 35 = 3 (mod 16). When the variable 
x is eliminated from the system of congruences in a like manner, it is found that 


29y =7-9—2-10= 43 (mod 16) 


But then 13y = 11 (mod 16), which upon multiplication by 5, results in y=55 = 
7 (mod 16). The unique solution of our system turns out to be 


x = 3 (mod 16) y = 7 (mod 16) 


PROBLEMS 4.4 


1. Solve the following linear congruences: 
(a) 25x = 15 (mod 29). 
(b) 5x = 2 (mod 26). 
(c) 6x = 15 (mod 21). 
(d) 36x = 8 (mod 102). 
(e) 34x = 60 (mod 98). 
(f) 140x = 133 (mod 301). 
[Hint: gcd(140, 301) = 7.] 
2. Using congruences, solve the Diophantine equations below: 
(a) 4x +5ly = 9. 
[Hint: 4x =9 (mod 51) gives x = 15+51t, whereas 51y =9 (mod 4) gives 
y = 3 + 4s. Find the relation between s and f.] 
(b) 12x + 25y = 331. 
(c) 5x —53y = 17. 
3. Find all solutions of the linear congruence 3x — 7y = 11 (mod 13). 
4. Solve each of the following sets of simultaneous congruences: 
(a) x = 1 (mod 3), x = 2 (mod 5), x = 3 (mod 7). 
(b) x = 5 (mod 11), x = 14 (mod 29), x = 15 (mod 31). 
(c) x = 5 (mod 6), x = 4 (mod 11), x = 3 (mod 17). 
(d) 2x = 1 (mod 5), 3x = 9 (mod 6), 4x = 1 (mod 7), 5x = 9 (mod 11). 
5. Solve the linear congruence 17x = 3 (mod 2- 3-5-7) by solving the system 


17x = 3 (mod 2) 17x = 3 (mod 3) 
17x = 3 (mod 5) 17x = 3 (mod 7) 


6. Find the smallest integer a > 2 such that 


2\a, 3\a+1, 4/a+2,5|a+3,6|a+4 


10. 


11. 


12. 


13. 
14. 


15. 


16. 


17. 


18. 
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. (a) Obtain three consecutive integers, each having a square factor. 


[Hint: Find an integer a such that 27 |a,37|a+1,5*|a+2.] 
(b) Obtain three consecutive integers, the first of which is divisible by a square, the 
second by a cube, and the third by a fourth power. 


. (Brahmagupta, 7th century A.D.) When eggs in a basket are removed 2, 3, 4, 5, 6 ata 


time there remain, respectively, 1, 2, 3, 4, 5 eggs. When they are taken out 7 at a time, 
none are left over. Find the smallest number of eggs that could have been contained in 
the basket. 


. The basket-of-eggs problem is often phrased in the following form: One egg remains 


when the eggs are removed from the basket 2, 3, 4, 5, or 6 at a time; but, no eggs remain 
if they are removed 7 at a time. Find the smallest number of eggs that could have been 
in the basket. 

(Ancient Chinese Problem.) A band of 17 pirates stole a sack of gold coins. When they 
tried to divide the fortune into equal portions, 3 coins remained. In the ensuing brawl over 
who should get the extra coins, one pirate was killed. The wealth was redistributed, but 
this time an equal division left 10 coins. Again an argument developed in which another 
pirate was killed. But now the total fortune was evenly distributed among the survivors. 
What was the least number of coins that could have been stolen? 

Prove that the congruences 


x =a (modn) and x = b (mod m) 


admit a simultaneous solution if and only if gcd(n, m) | a — b; if a solution exists, confirm 
that it is unique modulo Icm(n, m). 
Use Problem 11 to show that the following system does not possess a solution: 


x = 5 (mod 6) and x = 7 (mod 15) 


If x = a (mod n), prove that either x = a (mod 2n) or x = a +n (mod 27). 

A certain integer between 1 and 1200 leaves the remainders 1, 2, 6 when divided by 9, 

11, 13, respectively. What is the integer? 

(a) Find an integer having the remainders 1, 2, 5, 5 when divided by 2, 3, 6, 12, respec- 
tively. (Yih-hing, died 717). 

(b) Find an integer having the remainders 2, 3, 4, 5 when divided by 3, 4, 5, 6, respectively. 
(Bhaskara, born 1114). 

(c) Find an integer having the remainders 3, 11, 15 when divided by 10, 13, 17, respec- 
tively. (Regiomontanus, 1436-1476). 

Let 4, denote the nth triangular number. For which values of n does t, divide 


+igte- +h 
[Hint: Because t? + 12 +--+ 1? = t,(3n? + 12n” + 13n + 2)/30, it suffices to deter- 
mine those n satisfying 3n? + 12n? + 13n + 2 = 0 (mod 2-3-5).] 
Find the solutions of the system of congruences: 
3x + 4y = 5 (mod 13) 
2x + 5y =7 (mod 13) 


Obtain the two incongruent solutions modulo 210 of the system 
2x = 3 (mod 5) 
4x = 2 (mod 6) 


3x = 2 (mod 7) 
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19. Obtain the eight incongruent solutions of the linear congruence 3x + 4y = 5 (mod 8). 
20. Find the solutions of each of the following systems of congruences: 
(a) 5x +3y = 1 (mod 7) 
3x + 2y = 4 (mod 7). 
(b) 7x +3y = 6 (mod 11) 
4x + 2y = 9 (mod 11). 
(c) 1lx +5y =7 (mod 20) 
6x + 3y = 8 (mod 20). 


CHAPTER 


5 


FERMAT’S THEOREM 


And perhaps posterity will thank me for having shown it that the 
ancients did not know everything. 
P. DE FERMAT 


5.1 PIERRE DE FERMAT 


What the ancient world had known was largely forgotten during the intellectual 
torpor of the Dark Ages, and it was only after the 12th century that Western Europe 
again became conscious of mathematics. The revival of classical scholarship was 
stimulated by Latin translations from the Greek and, more especially, from the 
Arabic. The Latinization of Arabic versions of Euclid’s great treatise, the Elements, 
first appeared in 1120. The translation was not a faithful rendering of the Elements, 
having suffered successive, inaccurate translations from the Greek—first into Arabic, 
then into Castilian, and finally into Latin—done by copyists not versed in the content 
of the work. Nevertheless, this much-used copy, with its accumulation of errors, 
served as the foundation of all editions known in Europe until 1505, when the Greek 
text was recovered. 

With the fall of Constantinople to the Turks in 1453, the Byzantine schol- 
ars who had served as the major custodians of mathematics brought the ancient 
masterpieces of Greek learning to the West. It is reported that a copy of what sur- 
vived of Diophantus’s Arithmetica was found in the Vatican library around 1462 by 
Johannes Muller (better known as Regiomontanus from the Latin name of his native 
town, Konigsberg). Presumably, it had been brought to Rome by the refugees from 
Byzantium. Regiomontanus observed, “In these books the very flower of the whole 
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Pierre de Fermat 
(1601-1665) 


(David Eugene Smith Collection, Rare Book 
and Manuscript Library, Columbia University) 


of arithmetic lies hid,” and tried to interest others in translating it. Notwithstanding 
the attention that was called to the work, it remained practically a closed book until 
1572 when the first translation and printed edition was brought out by the German 
professor Wilhelm Holzmann, who wrote under the Grecian form of his name, 
Xylander. The Arithmetica became fully accessible to European mathematicians 
when Claude Bachet—borrowing liberally from Xylander—published (1621) the 
original Greek text, along with a Latin translation containing notes and comments. 
The Bachet edition probably has the distinction of being the work that first directed 
the attention of Fermat to the problems of number theory. 

Few if any periods were so fruitful for mathematics as was the 17th century; 
Northern Europe alone produced as many men of outstanding ability as had ap- 
peared during the preceding millennium. At a time when such names as Desargues, 
Descartes, Pascal, Wallis, Bernoulli, Leibniz, and Newton were becoming famous, a 
certain French civil servant, Pierre de Fermat (1601-1665), stood as an equal among 
these brilliant scholars. Fermat, the “Prince of Amateurs,” was the last great mathe- 
matician to pursue the subject as a sideline to a nonscientific career. By profession a 
lawyer and magistrate attached to the provincial parliament at Toulouse, he sought 
refuge from controversy in the abstraction of mathematics. Fermat evidently had no 
particular mathematical training and he evidenced no interest in its study until he 
was past 30; to him, it was merely a hobby to be cultivated in leisure time. Yet no 
practitioner of his day made greater discoveries or contributed more to the advance- 
ment of the discipline: one of the inventors of analytic geometry (the actual term was 
coined in the early 19th century), he laid the technical foundations of differential 
and integral calculus and, with Pascal, established the conceptual guidelines of the 
theory of probability. Fermat’s real love in mathematics was undoubtedly number 
theory, which he rescued from the realm of superstition and occultism where it had 
long been imprisoned. His contributions here overshadow all else; it may well be 
said that the revival of interest in the abstract side of number theory began with 
Fermat. 
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Fermat preferred the pleasure he derived from mathematical research itself to any 
reputation that it might bring him; indeed, he published only one major manuscript 
during his lifetime and that just 5 years before his death, using the concealing initials 
M.P.E.A.S. Adamantly refusing to put his work in finished form, he thwarted several 
efforts by others to make the results available in print under his name. In partial 
compensation for his lack of interest in publication, Fermat carried on a voluminous 
correspondence with contemporary mathematicians. Most of what little we know 
about his investigations is found in the letters to friends with whom he exchanged 
problems and to whom he reported his successes. They did their best to publicize 
Fermat’s talents by passing these letters from hand to hand or by making copies, 
which were dispatched over the Continent. 

As his parliamentary duties demanded an ever greater portion of his time, Fermat 
was given to inserting notes in the margin of whatever book he happened to be 
using. Fermat’s personal copy of the Bachet edition of Diophantus held in its margin 
many of his famous theorems in number theory. These were discovered by his son 
Samuel 5 years after Fermat’s death. His son brought out a new edition of the 
Arithmetica incorporating Fermat’s celebrated marginalia. Because there was little 
space available, Fermat’s habit had been to jot down some result and omit all steps 
leading to the conclusion. Posterity has wished many times that the margins of the 
Arithmetica had been wider or that Fermat had been a little less secretive about his 
methods. 


5.2) FERMAT’S LITTLE THEOREM AND PSEUDOPRIMES 


The most significant of Fermat’s correspondents in number theory was Bernhard 
Frénicle de Bessy (1605-1675), an official at the French mint who was renowned for 
his gift of manipulating large numbers. (Frénicle’s facility in numerical calculation is 
revealed by the following incident: On hearing that Fermat had proposed the problem 
of finding cubes that when increased by their proper divisors become squares, as is the 
case with 7° + (1 + 7+ 7%) = 20°, he immediately gave four different solutions, and 
supplied six more the nextday.) Though in no way Fermat’s equal as a mathematician, 
Frénicle alone among his contemporaries could challenge Fermat in number theory 
and Frénicle’s challenges had the distinction of coaxing out of Fermat some of his 
carefully guarded secrets. One of the most striking is the theorem that states: If p 
is a prime and a is any integer not divisible by p, then p divides a?~! — 1. Fermat 
communicated the result in a letter to Frénicle dated October 18, 1640, along with 
the comment, “I would send you the demonstration, if I did not fear its being too 
long.” This theorem has since become known as “Fermat’s Little Theorem,” or just 
“Fermat’s Theorem,” to distinguish it from Fermat’s “Great” or “Last Theorem,” 
which is the subject of Chapter 12. Almost 100 years were to elapse before Euler 
published the first proof of the little theorem in 1736. Leibniz, however, seems not 
to have received his share of recognition, for he left an identical argument in an 
unpublished manuscript sometime before 1683. 
We now proceed to a proof of Fermat’s theorem. 
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Theorem 5.1 Fermat’s theorem. Let p be a prime and suppose that p J a. Then 
a?-! = 1 (mod p). 


Proof. We begin by considering the first p — 1 positive multiples of a; that is, the 
integers 
a, 2a, 3a,...,(p— la 


None of these numbers is congruent modulo p to any other, nor is any congruent to 
zero. Indeed, if it happened that 


ra = sa (mod p) l<r<s<p-l 


then a could be canceled to give r = s (mod p), which is impossible. Therefore, the 
previous set of integers must be congruent modulo p to 1, 2,3,..., p — 1, taken in 
some order. Multiplying all these congruences together, we find that 


a-2a-3a---(p— la =1-2-3---(p — 1) (mod p) 
whence 
a’~'(p — 1)! = (p — 1)! (mod p) 


Once (p — 1)! 1s canceled from both sides of the preceding congruence (this is possible 
because since p J (p — 1)!), our line of reasoning culminates in the statement that 
a?—! = 1 (mod p), which is Fermat’s theorem. 


This result can be stated in a slightly more general way in which the requirement 


that p { ais dropped. 


Corollary. If p is a prime, then a? = a (mod p) for any integer a. 
Proof. When p|a, the statement obviously holds; for, in this setting, a? =O=a 


(mod p). If p J a, then according to Fermat’s theorem, we have a?~! = 1 (mod p). 
When this congruence is multiplied by a, the conclusion a? = a (mod p) follows. 


There is a different proof of the fact that a? = a (mod p), involving induction 


on a. If a = 1, the assertion is that 1? = 1 (mod p), which clearly is true, as is the 
case a = 0. Assuming that the result holds for a, we must confirm its validity for 
a + 1. In light of the binomial theorem, 


G+ praare (Parte +(P)arta4(? Jat 


where the coefficient (7) is given by 


ae Pp! p(p—-1)---(p—k +1) 
kK} k\p—k! 1-2.3---k 


Our argument hinges on the observation that (7) = 0 (mod p) for 1 <k < p—1. 
To see this, note that 


ae — p(p—1)--:(p —k + 1) = 0 (mod p) 
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by virtue of which p |k! or p| (2). But p | k! implies that p | j for some j satisfying 
1 < j <k < p —1, an absurdity. Therefore, p | (2) or, converting to a congruence 


statement, 
@ ) = 0 (mod p) 


The point we wish to make is that 
(a+ 1)? =a’? +1=a+1 (mod p) 


where the rightmost congruence uses our inductive assumption. Thus, the desired 
conclusion holds for a + 1 and, in consequence, for all a > 0. If a happens to be 
a negative integer, there is no problem: because a = r (mod p) for some r, where 
O<r< p-—1,we geta? =r? =r =a (mod p). 

Fermat’s theorem has many applications and is central to much of what is done 
in number theory. In the least, it can be a labor-saving device in certain calculations. 
If asked to verify that 5*® = 4 (mod 11), for instance, we take the congruence 5!° = 1 
(mod 11) as our starting point. Knowing this, 


538 = 510-348 = (519)3(52)4 
= 13.34 = 81 = 4 (mod 11) 


as desired. 
Another use of Fermat’s theorem is as a tool in testing the primality of a given 
integer n. If it could be shown that the congruence 


a" =a (mod n) 


fails to hold for some choice of a, then n is necessarily composite. As an example 
of this approach, let us look at n = 117. The computation is kept under control by 
selecting a small integer for a, say, a = 2. Because 2'!’ may be written as 


QUT _ g716+5 _ (27)1695 
and 2? = 128 = 11 (mod 117), we have 
QS eS Oy Sd mod 17) 
But 27! = (27)3, which leads to 
OF" eee 119 = 121 «11 = 4-11 = 44 (mod 117) 
Combining these congruences, we finally obtain 
2!” = 44 2 (mod 117) 


so that 117 must be composite; actually, 117 = 13 - 9. 

It might be worthwhile to give an example illustrating the failure of the converse 
of Fermat’s theorem to hold, in other words, to show that if a”?~! = 1 (mod n) for 
some integer a, then n need not be prime. As a prelude we require a technical lemma. 


Lemma. If p and q are distinct primes with a? = a (mod q) and a? = a (mod p), 
then a?? =a (mod pq). 
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Proof. The last corollary tells us that (a7)? = a? (mod p), whereas a? = a (mod p) 
holds by hypothesis. Combining these congruences, we obtain a’? = a (mod p) or, in 
different terms, p | a’? — a. In an entirely similar manner, qg | a’? — a. Corollary 2 to 
Theorem 2.4 now yields pq | a?4 — a, which can be recast as a?? = a (mod pq). 


Our contention is that 2*4° = 1 (mod 341), where 341 = 11 - 31. In working 
toward this end, notice that 2!° = 1024 = 31 - 33+ 1. Thus, 


2 —9.2!°=2.1=2 (mod 31) 
and 
27! = 272) =2-13 =2 (mod 11) 
Exploiting the lemma, 
2'131 = 2 (mod 11 - 31) 
or 2°41 = 2 (mod 341). After canceling a factor of 2, we pass to 
2°49 = 1 (mod 341) 


so that the converse to Fermat’s theorem is false. 

The historical interest in numbers of the form 2” — 2 resides in the claim made by 
Chinese mathematicians over 25 centuries ago that n is prime if and only ifn | 2” — 2 
(in point of fact, this criterion is reliable for all integers n < 340). Our example, 
where 341 | 2*4! — 2, although 341 = 11 - 31, lays the conjecture to rest; this was 
discovered in the year 1819. The situation in which n | 2” — 2 occurs often enough 
to merit a name, though: a composite integer n is called pseudoprime whenever 
n|2” — 2. It can be shown that there are infinitely many pseudoprimes, the smallest 
four being 341, 561, 645, and 1105. 

Theorem 5.2 allows us to construct an increasing sequence of pseudoprimes. 


Theorem 5.2. If is an odd pseudoprime, then M, = 2” — 1 is a larger one. 


Proof. Because n is a composite number, we can write n =rs, with 1<r< 
s <n. Then, according to Problem 21, Section 2.3, 2” — 1|2” — 1, or equivalently 
2” —1|M,, making M, composite. By our hypotheses, 2” = 2 (mod n); hence 
2” — 2 = kn for some integer k. It follows that 


QMn—1 = g2"—2 = okn 
This yields 


eS ee 
= (2% — 1)(2"&-D 4 grk—-2) 4... 42" 4:1) 
= M,(2"&-D + 2n&—-2) 4... +2" + 1) 
= (0 (mod M,,) 


We see immediately that 2” — 2 = 0(mod M,,), in light of which M,, is a pseudoprime. 


FERMAT’S THEOREM 91 


More generally, a composite integer n for which a” = a (mod n) is called a 
pseudoprime to the base a. (When a = 2, n is simply said to be a pseudoprime.) For 
instance, 91 is the smallest pseudoprime to base 3, whereas 217 is the smallest such 
to base 5. It has been proved (1903) that there are infinitely many pseudoprimes to 
any given base. 

These “prime imposters” are much rarer than are actual primes. Indeed, there are 
only 247 pseudoprimes smaller than one million, in comparison with 78498 primes. 
The first example of an even pseudoprime, namely, the number 


161038 = 2-73-1103 


was found in 1950. 

There exist composite numbers n that are pseudoprimes to every base a; 
that is, a”! = 1 (mod n) for all integers a with gcd(a, n) = 1. The least such is 
561. These exceptional numbers are called absolute pseudoprimes or Carmichael 
numbers, for R. D. Carmichael, who was the first to notice their existence. In 
his first paper on the subject, published in 1910, Carmichael indicated four ab- 
solute pseudoprimes including the well-known 561 = 3-11-17. The others are 
1105 = 5-13-17, 2821 = 7-13-31, and 15841 = 7-31-73. Two years later he 
presented 11 more having three prime factors and discovered one absolute pseudo- 
prime with four factors, specifically, 16046641 = 13 - 37-73 - 457. 

To see that 561 = 3-11-17 must be an absolute pseudoprime, notice that 
gcd(a, 561) = 1 gives 

gcd(a, 3) = gced(a, 11) = gced(a,17)=1 
An application of Fermat’s theorem leads to the congruences 
a’ =1(mod3) a'=1(mod11) — a'® =1 (mod 17) 

and, in turn, to 

a = (a*)®° = 1 (mod 3) 

a> = (q!°y® = 1 (mod 11) 

a°® = (a'®)5 = 1 (mod 17) 
These give rise to the single congruence a> = 1 (mod 561), where gcd(a, 561) = 1. 
But then a*°! = a (mod 561) for all a, showing 561 to be an absolute pseudoprime. 

Any absolute pseudoprime is square-free. This is easy to prove. Suppose 
thata” = a(modn) for every integer a, but k? |n forsomek > 1.If weleta = k, then 
k” =k (mod n). Because k? |n, this last congruence holds modulo k’; that is, k = 
k” = 0 (mod k?), whence k? | k, which is impossible. Thus, m must be square-free. 


Next we present a theorem that furnishes a means for producing absolute 
pseudoprimes. 


Theorem 5.3. Let n be a composite square-free integer, say, n = p1P2--- pr, where 
the p; are distinct primes. If pj — 1|n — 1 fori = 1,2,...,7, then n is an absolute 
pseudoprime. 
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Proof. Suppose that a is an integer satisfying gcd(a, n) = 1, so that gcd(a, p;) = 1 
for each i. Then Fermat’s theorem yields p; |a?'~! — 1. From the divisibility hy- 
pothesis p; — 1|n — 1, we have p; |a”~! — 1, and therefore p; | a” — a for all a and 
i=1,2,...,r. Asa result of Corollary 2 to Theorem 2.4, we end up with n | a” — a, 
which makes n an absolute pseudoprime. 


Examples of integers that satisfy the conditions of Theorem 5.3 are 


L729 = 7 = 13 219 6601 = 7-23-41 10585 = 5-29 - 73 


It was proven in 1994 that infinitely many absolute pseudoprimes exist, but that they 
are fairly rare. There are just 43 of them less than one million, and 105212 less 
than 10). 


PROBLEMS 5.2 


1. 
2. 


im) 


wm 


~I 


10. 


11. 


Use Fermat’s theorem to verify that 17 divides 11! + 1. 
(a) If gcd(a, 35) = 1, show that a!* = 1 (mod 35). 
[Hint: From Fermat’s theorem a® = 1 (mod 7) and a* = 1 (mod 5).] 
(b) If gcd(a, 42) = 1, show that 168 = 3 -7 - 8 divides oa 
(c) If gcd(a, 133) = gced(b, 133) = 1, show that 133 |al8 — p18, 


. From Fermat’s theorem deduce that, for any integer n > 0, 13 | 11!2"*° + 1. 
. Derive each of the following congruences: 


(a) a?! = a (mod 15) for alla. 
[Hint: By Fermat’s theorem, a> = a (mod 5).] 
(b) a’? = a (mod 42) for all a. 
(c) a3 = a (mod3-7- 13) foralla. 
(d) a? = a (mod 30) for all a. 


. If gcd(a, 30) = 1, show that 60 divides a* + 59. 
. (a) Find the units digit of 3! by the use of Fermat’s theorem. 


(b) For any integer a, verify that a> and a have the same units digit. 
» g » g 


. If7 Ja, prove that either a> + 1 or a> — 1 is divisible by 7. 
. The three most recent appearances of Halley’s comet were in the years 1835, 1910, and 


1986; the next occurrence will be in 2061. Prove that 


18351710 + 198670! = 0 (mod 7) 


. (a) Let p be a prime and gcd(a, p) = 1. Use Fermat’s theorem to verify that x = a?~*b 


(mod p) is a solution of the linear congruence ax = b (mod p). 
(b) By applying part (a), solve the congruences 2x = 1 (mod 31), 6x = 5 (mod 11), and 
3x = 17 (mod 29). 
Assuming that a and b are integers not divisible by the prime p, establish the following: 
(a) If a? = b? (mod p), thena = b (mod p). 
(b) If a? = b? (mod p), thena? = b? (mod p’”). 
[Hint: By (a),a = b + pk forsomek, sothata? — b? = (b+ pk)? — b?; now show 
that p* divides the latter expression.] 
Employ Fermat’s theorem to prove that, if p is an odd prime, then 
(a) 12-14 2?-1 437-1 4...4(p —1)?-! se —1 (mod p). 
(b) 1? +2? +3? +.---+(p— 1)? = 0 (mod p). 
[Hint: Recall the identity 1+2+3+---+(p-—1)= p(p -1)/2.] 


12. 


13. 


14. 


15. 


16. 


17. 


18. 


19. 


20. 


21. 
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Prove that if p is an odd prime and k is an integer satisfying 1 < k < p — 1, then the 
binomial coefficient 


G : ') = (—1) (mod p) 


Assume that p and q are distinct odd primes such that p — 1|q — 1. If gced(a, pq) = 1, 
show that a7~! = 1 (mod pq). 
If p and q are distinct primes, prove that 


p?-'+q?"' =1 (mod pq) 


Establish the statements below: 

(a) If the number M, = 2? — 1 is composite, where p is a prime, then M, is a pseudo- 
prime. 

(b) Every composite number F, = 2?" + 1 is a pseudoprime (n = 0, 1,2, ...). 
[Hint: By Problem 21, Section 2.3, 2"+!|2?" implies that 22" — 1)2%-1 — 1, 
but F,, |2?"" — 1.] 

Confirm that the following integers are absolute pseudoprimes: 

(a) 1105 = 5-13-17. 

(b) 2821 = 7-13-31. 

tc) 2465 = 5 917-29, 

Show that the smallest pseudoprime 341 is not an absolute pseudoprime by showing that 

1134! 4 11 (mod 341). 

[Hint: 31 41174! — 11.] 

(a) When n = 2p, where p is an odd prime, prove that a”~! = a (mod n) for any 
integer a. 

(b) Forn = 195 = 3-5 - 13, verify that a”~* = a (mod n) for any integer a. 

Prove that any integer of the form 


n = (6k + 1)(12k + 1)(18k + 1) 


is an absolute pseudoprime if all three factors are prime; hence, 1729 = 7-13-19 is an 
absolute pseudoprime. 

Show that 561 | 2°! — 2 and 561 | 3°¢! — 3. It is an unanswered question whether there 
exist infinitely many composite numbers n with the property that n | 2” — 2 andn | 3” — 3. 
Establish the congruence 


2222°> 4. 55557222 = 0) (mod 7) 


[Hint: First evaluate 1111 modulo 7.] 


5.3 WILSON’S THEOREM 


We now turn to another milestone in the development of number theory. In his 
Meditationes Algebraicae of 1770, the English mathematician Edward Waring 
(1734-1798) announced several new theorems. Foremost among these is an in- 
teresting property of primes reported to him by one of his former students, a certain 
John Wilson. The property is the following: If p is a prime number, then p divides 
(p — 1)!+ 1. Wilson appears to have guessed this on the basis of numerical com- 
putations; at any rate, neither he nor Waring knew how to prove it. Confessing his 
inability to supply a demonstration, Waring added, “Theorems of this kind will be 
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very hard to prove, because of the absence of a notation to express prime numbers.” 
(Reading the passage, Gauss uttered his telling comment on “notationes versus no- 
tiones,” implying that in questions of this nature it was the notion that really mattered, 
not the notation.) Despite Waring’s pessimistic forecast, soon afterward Lagrange 
(1771) gave a proof of what in literature is called “‘Wilson’s theorem” and observed 
that the converse also holds. Perhaps it would be more just to name the theorem after 
Leibniz, for there is evidence that he was aware of the result almost a century earlier, 
but published nothing on the subject. 
Now we give a proof of Wilson’s theorem. 


Theorem 5.4 Wilson. If p is a prime, then (p — 1)! = —1 (mod p). 


Proof. Dismissing the cases p = 2 and p = 3 as being evident, let us take p > 3. 
Suppose that a is any one of the p — 1 positive integers 


1p 


and consider the linear congruence ax = 1 (mod p). Then gcd(a, p) = 1. By Theorem 
4.7, this congruence admits a unique solution modulo p; hence, there is a unique integer 
a’, with 1 < a’ < p —1, satisfying aa’ = 1 (mod p). 

Because p is prime, a = a’ if and only if a = 1 or a = p — 1. Indeed, the con- 
gruence a* = 1 (mod p) is equivalent to (a — 1) - (a + 1) = 0 (mod p). Therefore, 
either a — 1 = 0 (mod p), in which case a = 1, ora + 1 = 0 (mod p), in which case 
a=p-l. 

If we omit the numbers 1 and p — 1, the effect is to group the remaining integers 
2,3,..., p — 2 into pairs a, a’, where a # a’, such that their product aa’ = 1 (mod p). 
When these (p — 3)/2 congruences are multiplied together and the factors rearranged, 
we get 


2-3---(p — 2) = 1 (mod p) 
or rather 


(p — 2)! = 1 (mod p) 
Now multiply by p — 1 to obtain the congruence 


(p — 1)! = p—1=-—1 (mod p) 


as was to be proved. 


Example 5.1. A concrete example should help to clarify the proof of Wilson’s theorem. 
Specifically, let us take p = 13. It is possible to divide the integers 2,3,..., 11 into 
(p — 3)/2 = 5 pairs, each product of which is congruent to 1 modulo 13. To write 
these congruences out explicitly: 
2-7= 1 (mod 13) 
3-9 = 1 (mod 13) 
4-10 = 1 (mod 13) 
5-8 = 1 (mod 13) 
6-11 = 1 (mod 13) 
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Multiplying these congruences gives the result 
11!=(2-.7)3-9)4- 10)(5 - 8)(6- 11) = 1 (mod 13) 
and so 
12! = 12 = —1 (mod 13) 
Thus, (p — 1)! = —1 (mod p), with p = 13. 


The converse of Wilson’s theorem is also true. If (n — 1)! = —1 (mod n), then 
n must be prime. For, if n is not a prime, then 7 has a divisor d with 1 <d <n. 
Furthermore, because d < n — 1,d occurs as one of the factors in (n — 1)!, whence 
d |(n — 1)!. Now we are assuming that n | (m — 1)! + 1, and sod |(n — 1)! + 1, too. 
The conclusion is that d | 1, which is nonsense. 

Taken together, Wilson’s theorem and its converse provide a necessary and 
sufficient condition for determining primality; namely, an integer n > 1 is prime if 
and only if (n — 1)! = —1 (modjzn). Unfortunately, this test is of more theoretical than 
practical interest because as n increases, (n — 1)! rapidly becomes unmanageable in 
size. 

We would like to close this chapter with an application of Wilson’s theorem 
to the study of quadratic congruences. [It is understood that quadratic congruence 
means a congruence of the form ax* + bx + c = 0 (mod n), with a # 0 (mod n).] 
This is the content of Theorem 5.5. 


Theorem 5.5. The quadratic congruence x? + 1 = 0 (mod p), where p is an odd 
prime, has a solution if and only if p = 1 (mod 4). 


Proof. Let a be any solution of x? + 1 = 0(mod p), so thata* = —1 (mod p). Because 
Pp i a, the outcome of applying Fermat’s theorem is 
L=a? = (a*)?-Y? = (-1)?-Y/? (mod p) 
The possibility that p = 4k + 3 for some k does not arise. If it did, we would have 
(—1)2-D/2 = (a) ees ee | 


hence, 1 = —1 (mod p). The net result of this is that p|2, which is patently false. 
Therefore, p must be of the form 4k + 1. 
Now for the opposite direction. In the product 


(OSS ee Sp pe 1) 
we have the congruences 


p—1=-1 (mod p) 
p —2 = -2 (mod p) 


pel pa 
a = 7 (mod p) 
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Rearranging the factors produces 


—1 —1 
(P—Wlst- (1-2-2... 225. (P=) (mod p) 


2 
= (—1)0-D?2 (1 9 ioenas o—) (mod p) 


because there are (p — 1)/2 minus signs involved. It is at this point that Wilson’s 
theorem can be brought to bear; for, (p — 1)! = —1 (mod p), whence 


2 
=e (=p? (25) ] (mod p) 


If we assume that p is of the form 4k + 1, then (—1)°-)/? = 1, leaving us with the 


congruence 
=5 | 2 
-le (25 );| (mod p) 


The conclusion is that the integer [(p — 1)/2]! satisfies the quadratic congruence x” + 1 
= 0 (mod p). 


Let us take a look at an actual example, say, the case p = 13, which is a prime 
of the form 4k + 1. Here, we have (p — 1)/2 = 6, and it is easy to see that 


6! = 720 = 5 (mod 13) 
and 
5? +1 = 26 = 0 (mod 13) 


Thus, the assertion that [((p — 1)/2)!]* + 1 = 0 (mod p) is correct for p = 13. 
Wilson’s theorem implies that there exists an infinitude of composite numbers 
of the form n! + 1. On the other hand, it is an open question whether n! + 1 is prime 
for infinitely many values of n. The only values of n in the range 1 < n < 100 for 
which n! + 1 is known to be a prime number are n = 1, 2, 3, 11, 27, 37, 41, 73, and 
77. Currently, the largest prime of the form n! + 1 is 6380! + 1, discovered in 2000. 


PROBLEMS 5.3 


1. (a) Find the remainder when 15! is divided by 17. 
(b) Find the remainder when 2(26!) is divided by 29. 
. Determine whether 17 is a prime by deciding whether 16! = —1 (mod 17). 
. Arrange the integers 2, 3, 4,..., 21 in pairs a and b that satisfy ab = 1 (mod 23). 
. Show that 18! = —1 (mod 437). 
. (a) Prove that an integer n > 1 is prime if and only if (n — 2)! = 1 (mod n). 
(b) If n is a composite integer, show that (n — 1)! = 0 (mod n), except when n = 4. 
6. Given a prime number p, establish the congruence 


na bk WN 


(p—1)! = p—1 (mod 14+24+3+4+---+(p—1)) 


CO 


10. 


11. 


12. 


13. 


14. 


15. 


16. 
17. 


18. 
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. If p is a prime, prove that for any integer a, 


pla’ +(p-l)!a and p\|\(p—l)!a? +a 
[Hint: By Wilson’s theorem, a? + (p — 1)!a = a? — a (mod p).] 


. Find two odd primes p < 13 for which the congruence (p — 1)! = —1 (mod p?) holds. 
. Using Wilson’s theorem, prove that for any odd prime p, 


137 = 2) = (Pt mad’) 
[Hint: Because k = —(p — k) (mod p), it follows that 
2-4-6---(p—1) = (-1)?- 91 .3..5---(p — 2) (mod p).] 
(a) For a prime p of the form 4k + 3, prove that either 


(25+): 1 (moa p) or (2): = —1 (mod p) 


hence, [(p — 1)/2]! satisfies the quadratic congruence x* = 1 (mod p). 
(b) Use part (a) to show that if p = 4k + 3 is prime, then the product of all the even 
integers less than p is congruent modulo p to either 1 or —1. 
[Hint: Fermat’s theorem implies that 2~)/* = +1 (mod p).] 
Apply Theorem 5.5 to obtain two solutions to each of the quadratic congruences x” = —1 
(mod 29) and x? = —1 (mod 37). 
Show that if p = 4k + 3 is prime and a? + b? = 0 (mod p), then a = b = 0 (mod p). 
[Hint: If a $ 0 (mod p), then there exists an integer c such that ac = 1 (mod p); use this 
fact to contradict Theorem 5.5.] 
Supply any missing details in the following proof of the irrationality of /2: Suppose 
/2 = a/b, with gced(a, b) = 1. Then a? = 2b”, so that a? + b? = 3b*. But 3 | (a? + b?) 
implies that 3 | a and 3 | b, a contradiction. 
Prove that the odd prime divisors of the integer n? + 1 are of the form 4k + 1. 
[Hint: Theorem 5.5.] 
Verify that 4(29!) + 5! is divisible by 31. 
For a prime p and 0 < k < p — 1, show that k!(p — k — 1)! = (-1)**! (mod p). 
If p and q are distinct primes, prove that for any integer a, 


pq\a’? —a? —a4+a 
Prove that if p and p + 2 are a pair of twin primes, then 


4((p — 1)!+ 1) + p = 0 (mod p(p + 2)) 


5.4 THE FERMAT-KRAITCHIK FACTORIZATION METHOD 


In a fragment of a letter, written in all probability to Father Marin Mersenne in 1643, 
Fermat described a technique of his for factoring large numbers. This represented 
the first real improvement over the classical method of attempting to find a factor 
of n by dividing by all primes not exceeding ./n. Fermat’s factorization scheme has 
at its heart the observation that the search for factors of an odd integer n (because 
powers of 2 are easily recognizable and may be removed at the outset, there is no 
loss in assuming that n is odd) is equivalent to obtaining integral solutions x and y 
of the equation 


n=x2—y? 
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If n is the difference of two squares, then it is apparent that n can be factored as 


n=x?—y=(x+y\(x—-y) 


Conversely, when 7 has the factorizationn = ab, witha > b > 1, then we may write 


a+b \? a= px 
A= _ 
2 2 
Moreover, because v is taken to be an odd integer, a and b are themselves odd; hence 
(a + b)/2 and (a — b)/2 will be nonnegative integers. 


One begins the search for possible x and y satisfying the equation n = x 
or what is the same thing, the equation 


2 _ 2 
x—n=y* 
by first determining the smallest integer k for which k* > n. Now look successively 
at the numbers 
k? —n,(k +1)? —n,(k +2) —n, (k +3) —1n,... 


until a value of m > ./n is found making m* — n a square. The process cannot go 
on indefinitely, because we eventually arrive at 


n+1\? n—1\? 
—-nA= 
2 2 
the representation of n corresponding to the trivial factorization n = n - 1. If this 
point is reached without a square difference having been discovered earlier, then n 


has no factors other than n and 1, in which case it is a prime. 
Fermat used the procedure just described to factor 


2027651281 = 44021 - 46061 


in only 11 steps, as compared with making 4580 divisions by the odd primes up to 
44021. This was probably a favorable case devised on purpose to show the chief 
virtue of his method: It does not require one to know all the primes less than ./n to 
find factors of n. 


Example 5.2. To illustrate the application of Fermat’s method, let us factor the inte- 
ger n = 119143. From a table of squares, we find that 3457 < 119143 < 3467; thus 
it suffices to consider values of k? — 119143 for those k that satisfy the inequality 
346 < k < (119143 4+ 1)/2 = 59572. The calculations begin as follows: 

3467 — 119143 = 119716 — 119143 = 573 

3477 — 119143 = 120409 — 119143 = 1266 

348? — 119143 = 121104 — 119143 = 1961 

3497 — 119143 = 121801 — 119143 = 2658 

3507 — 119143 = 122500 — 119143 = 3357 

351? — 119143 = 123201 — 119143 = 4058 

352? — 119143 = 123904 — 119143 = 4761 = 69? 
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This last line exhibits the factorization 
119143 = 352? — 697 = (352 + 69)(352 — 69) = 421 - 283 


the two factors themselves being prime. In only seven trials, we have obtained the prime 
factorization of the number 119143. Of course, one does not always fare so luckily; it 
may take many steps before a difference turns out to be a square. 


Fermat’s method is most effective when the two factors of n are of nearly the 
same magnitude, for in this case a suitable square will appear quickly. To illustrate, 
let us suppose that n = 23449 is to be factored. The smallest square exceeding n is 
154, so that the sequence k? —n starts with 


154? — 23449 = 23716 — 23449 = 267 
1557 — 23449 = 24025 — 23449 = 576 = 24? 


Hence, factors of 23449 are 
23449 = (155 + 24)(155 — 24) = 179 - 131 


When examining the differences k* — n as possible squares, many values can be 
immediately excluded by inspection of the final digits. We know, for instance, that 
a square must end in one of the six digits 0, 1, 4, 5, 6, 9 (Problem 2(a), Section 4.3). 
This allows us to exclude all values in Example 5.2, save for 1266, 1961, and 4761. 
By calculating the squares of the integers from 0 to 99 modulo 100, we see further 
that, for a square, the last two digits are limited to the following 22 possibilities: 


00 21 41 64 89 
01 24 44 69 96 
04 25 49 76 
09 29 56 81 
16 36 61 84 


The integer 1266 can be eliminated from consideration in this way. Because 61 is 
among the last two digits allowable in a square, it is only necessary to look at the 
numbers 1961 and 4761; the former is not a square, but 4761 = 692. 

There is a generalization of Fermat’s factorization method that has been used 
with some success. Here, we look for distinct integers x and y such that x? — y? is 
a multiple of n rather than n itself; that is, 


r= ¥" (mod n) 


Having obtained such integers, d = gcd(x — y,n) (ord = gcd(x + y, n)) can be 
calculated by means of the Euclidean Algorithm. Clearly, d is a divisor of n, but is 
it a nontrivial divisor? In other words, do we have 1 < d < n? 

In practice, n is usually the product of two primes p and q, with p < q, so that 
d is equal to 1, p, g, or pg. Now the congruence x* = y” (mod n) translates into 
pq \|(x — y)(x + y). Euclid’s lemma tells us that p and q must divide one of the 
factors. If it happened that p |x — y and q|x — y, then pq |x — y, or expressed as 
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a congruence x = y (mod n). Also, p|x + y andqg|x+ y yield x = —y (mod n). 
By seeking integers x and y satisfying x? = y* (mod n), where x # ty (mod n), 
these two situations are ruled out. The result of all this is that d is either p or q, 
giving us a nontrivial divisor of n. 


Example 5.3. Suppose we wish to factor the positive integer n = 2189 and happen to 
notice that 579? = 18% (mod 2189). Then we compute 


gcd(579 — 18, 2189) = ged(561, 2189) = 11 
using the Euclidean Algorithm: 


2189 = 3-561 + 506 
561 = 1-506 +55 
506 =9-55+4+ 11 
Sy = 5-01 


This leads to the prime divisor 11 of 2189. The other factor, namely 199, can be obtained 
by observing that 


gcd(579 + 18, 2189) = gced(597, 2189) = 199 


The reader might wonder how we ever arrived at a number, such as 579, whose 
square modulo 2189 also turns out to be a perfect square. In looking for squares 
close to multiples of 2189, it was observed that 


817—3-2189=-6 and  1557—11-2189 = —54 
which translates into 
817 =—2-3(mod2189) and 155? = —2-3° (mod 2189) 
When these congruences are multiplied, they produce 
(81 - 155)* = (2 - 37)” (mod 2189) 


Because the product 81 - 155 = 12555 = —579 (mod 2189), we ended up with the 
congruence 5797 = 18? (mod 2189). 

The basis of our approach is to find several x; having the property that each x? 
is, modulo n, the product of small prime powers, and such that their product’s square 
is congruent to a perfect square. 

When n has more than two prime factors, our factorization algorithm may still 
be applied; however, there is no guarantee that a particular solution of the congruence 
x* = y? (mod n), with x # +y (mod n), will result in a nontrivial divisor of n. Of 
course the more solutions of this congruence that are available, the better the chance 
of finding the desired factors of n. 

Our next example provides a considerably more efficient variant of this last 
factorization method. It was introduced by Maurice Kraitchik in the 1920s and 
became the basis of such modern methods as the quadratic sieve algorithm. 


Example 5.4. Let n = 12499 be the integer to be factored. The first square just larger 


than n is 112* = 12544. So we begin by considering the sequence of numbers x” — n 
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for x = 112, 113,.... As before, our interest is in obtaining a set of values xj, 
X2,...,Xx~ for which the product (x; —n)---(x, —1n) is a square, say y?. Then 
(x, ---xx)* = y* (mod n), which might lead to a nontrivial factor of n. 

A short search reveals that 


112? — 12499 = 45 
117° — 12499 = 1190 
1217 — 12499 = 2142 
or, written as congruences, 
112? = 37 - 5 (mod 12499) 
117° = 2-5-7-17 (mod 12499) 
1217 = 2.37-7-17 (mod 12499) 
Multiplying these together results in the congruence 
(112-117-121)? = (2-3*-5-7- 17)? (mod 12499) 
that is, 
15855847 = 107107 (mod 12499) 
But we are unlucky with this square combination. Because 
1585584 = 10710 (mod 12499) 
only a trivial divisor of 12499 will be found. To be specific, 
gcd(1585584 + 10710, 12499) = 1 
gcd(1585584 — 10710, 12499) = 12499 
After further calculation, we notice that 
113” = 2-5-3? (mod 12499) 
1277 = 2-3-5-11* (mod 12499) 
which gives rise to the congruence 
(113 - 127)? = (2- 3%- 5-11)” (mod 12499) 
This reduces modulo 12499 to 
1852” = 9907 (mod 12499) 
and fortunately 1852 # + 990 (mod 12499). Calculating 
gcd(1852 — 990, 12499) = gcd(862, 12499) = 431 


produces the factorization 12499 = 29 - 431. 


102 ELEMENTARY NUMBER THEORY 


PROBLEMS 5.4 


1. Use Fermat’s method to factor each of the following numbers: 
(a) 2279. 
(b) 10541. 
(c) 340663 [Hint: The smallest square just exceeding 340663 is 5847.] 

2. Prove that a perfect square must end in one of the following pairs of digits: 00, 01, 04, 09, 
16, 21, 24, 25, 29, 36, 41, 44, 49, 56, 61, 64, 69, 76, 81, 84, 89, 96. 

[Hint: Because x” = (50 + x)* (mod 100) and x” = (50 — x)* (mod 100), it suffices to 
examine the final digits of x” for the 26 values x = 0, 1,2,...,25.] 

3. Factor the number 2!! — 1 by Fermat’s factorization method. 

4. In 1647, Mersenne noted that when a number can be written as a sum of two relatively 
prime squares in two distinct ways, it is composite and can be factored as follows: If 
n=a2+b? =c* +d’, then 

_ (act bd)(ac — bd) 
 (a@t+dja—d) 
Use this result to factor the numbers 
493 = 187 + 13* = 22? + 3? 
and 
38025 = 1687 + 99? = 156? + 1172 


5. Employ the generalized Fermat method to factor each of the following numbers: 
(a) 2911 [Hint: 138? = 67? (mod 2911).] 
(b) 4573 [Hint: 177? = 92? (mod 4573).] 
(c) 6923 [Hint: 208? = 93* (mod 6923).] 

6. Factor 13561 with the help of the congruences 


2337 = 37.5 (mod 13561) and 12817 = 2*-.5 (mod 13561) 
7. (a) Factor the number 4537 by searching for x such that 
Ro =k A537 


is the product of small prime powers. 
(b) Use the procedure indicated in part (a) to factor 14429. 
[Hint: 1207 — 14429 = —29 and 3003? — 625 - 14429 = —116.] 
8. Use Kraitchik’s method to factor the number 20437. 


CHAPTER 
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NUMBER-THEORETIC FUNCTIONS 


Mathematicians are like Frenchmen: whatever you say to them they translate 
into their own language and forthwith it is something entirely different. 
GOETHE 


6.1 THE SUM AND NUMBER OF DIVISORS 


Certain functions are found to be of special importance in connection with the study 
of the divisors of an integer. Any function whose domain of definition is the set of 
positive integers is said to be a number-theoretic (or arithmetic) function. Although 
the value of a number-theoretic function is not required to be a positive integer or, 
for that matter, even an integer, most of the number-theoretic functions that we shall 
encounter are integer-valued. Among the easiest to handle, and the most natural, are 
the functions t ando. 


Definition 6.1. Given a positive integer n, let t(m) denote the number of positive 
divisors of n and o(n) denote the sum of these divisors. 


For an example of these notions, consider n = 12. Because 12 has the positive 
divisors 1, 2, 3, 4, 6, 12, we find that 


tT(12) = 6 and e112) be 2 a 6 12S 28 


For the first few integers, 


tT) =1 1rQ)=2 13)=2 14) =3 1r5)=2 1(6)=4,... 
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and 

ol) = 1,¢@)= 3,66) =4,0(4 =7,0(5) = 6, o(6) = 12, 
It is not difficult to see that t(n) = 2 if and only if n is a prime number; also, 
o(n) = n+ 1if and only if n is a prime. 


Before studying the functions t and o in more detail, we wish to introduce 
notation that will clarify a number of situations later. It is customary to interpret the 


symbol 
YY f@ 


d\n 


to mean, “Sum the values f(d) as d runs over all the positive divisors of the positive 
integer n.” For instance, we have 


> f@) = IO fOrI a) + fO)+ F090) + 720) 
d|20 
With this understanding, t and o may be expressed in the form 


Ea) =) o(n)= od 


d\n d|n 


The notation )/, in 1, in particular, says that we are to add together as many 1’s as 
there are positive divisors of n. To illustrate: the integer 10 has the four positive 
divisors 1, 2,5, 10, whence 


r(10)= )°1=14+14+14+1=4 
d|10 


and 


o(10)= )'d=14+2+5+10=18 
d|10 
Our first theorem makes it easy to obtain the positive divisors of a positive 
integer n once its prime factorization is known. 
Theorem 6.1. Ifn = pe pe ..» p* is the prime factorization of n > 1, then the pos- 
itive divisors of n are precisely those integers d of the form 


a, _a2 


d=p, P> ves per 


where 0 < a; < kj (i = 1,2,...,7r). 


Proof. Note that the divisor d = 1 is obtained when a; = a2 = --- =a, = 0, andn 
itself occurs when a; = ki, ay = k2,..., a, = k,. Suppose that d divides n nontriv- 
ially; say, n = dd’, where d > 1, d' > 1. Express both d and d’ as products of (not 
necessarily distinct) primes: 


d=4192°°°-9s C= thas ty 
with g;, t; prime. Then 


kik k, 
Pi' Po °° DP; =" stirs 
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are two prime factorizations of the positive integer n. By the uniqueness of the prime 
factorization, each prime gq; must be one of the p;. Collecting the equal primes into a 
single integral power, we get 


a) a2 


d = 4192°** 4s = Pi’ Py ++ Py’ 
where the possibility that a; = 0 is allowed. 


Conversely, every number d = p}' p,’ --- pe (0 < a; < k;) turns out to be a di- 


visor of n. For we can write 
— aki nko k, 
N= Py; Po ++: DP, 


= (pf py? +++ PP )(pp pe --- pk-*) 
= dd’ 


with d’ = pi p2-@.... p&—® and k; — a; > 0 for each i. Then d’ > O andd [n. 


We put this theorem to work at once. 


Theorem 6.2. Ifn = De pe --» p* is the prime factorization of n > 1, then 


(a) t(n) = (ky + 1)(ko +: 1)--- &, + 1), and 


k,+1 k2+1 ky +1 
= =4 l=] 
(hyo) ee eee 
pi-l p2-1 Pr—-1 


Proof. According to Theorem 6.1, the positive divisors of n are precisely those integers 
a, _ a2 


d = p\' py’ ++: py 


where 0 < a; < k;. There are k; + 1 choices for the exponent a;; kz + 1 choices for 
a2,...;andk, + 1 choices for a,. Hence, there are 


(ky + I(ko + 1)---(& +1) 


possible divisors of n. 
To evaluate o(n), consider the product 


(1+ pit pr+---+ pe)(1+ pot p3 +--+ py) 
---(1+ pr + pe +--+ + pir) 


Each positive divisor of n appears once and only once as a term in the expansion of 
this product, so that 


o(n)=(1t+ pit pet---+ pi) (Lt pr t+ pp +s + DF) 


Applying the formula for the sum of a finite geometric series to the ith factor on the 
right-hand side, we get 


1+ pet pete + pp = 


It follows that 
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Corresponding to the )° notation for sums, the notation for products may be 
defined using | |, the Greek capital letter pi. The restriction delimiting the numbers 
over which the product is to be made is usually put under the | | sign. Examples are 


L] £@ =fMFOF@FALO) 


l<d<5 
[]/@ = fMf@FO) 
d|9 
[| £@ = F@F@sFO) 
p|30 


p prime 


With this convention, the conclusion to Theorem 6.2 takes the compact form: if 
(i Pt : os -.» p* is the prime factorization of n > 1, then 


c(in)= [|] & +) 


l<i<r 
and 
kj+1 
py 1 
a(n) = ——____. 
I pe 1 


Example 6.1. The number 180 = 2? - 3 - 5 has 
t(180) = (24+. 1)(2+1)14+ 1) = 18 
positive divisors. These are integers of the form 
fa ai a 
where a; = 0, 1, 2; az = 0, 1, 2; and a3 = 0, 1. Specifically, we obtain 
1, 2, 3, 4, 5, 6, 9, 10, 12, 15, 18, 20, 30, 36, 45, 60, 90, 180 


The sum of these integers is 


4 
180) = ASU Ai ae 622 A546 
Sean Ga Sa 2 4 


2-137-157-1 7262 
1 
One of the more interesting properties of the divisor function T is that the product 
of the positive divisors of an integer n > 1 is equal to n™™/*, It is not difficult to 
get at this fact: Let d denote an arbitrary positive divisor of n, so that n = dd’ for 
some d’. As d ranges over all t(n) positive divisors of n, t(m) such equations occur. 
Multiplying these together, we get 


na =|]a-]]a’ 


d|n d'|n 
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But as d runs through the divisors of n, so does d’; hence, Tain d= [Tain d’. The 


situation is now this: 
2 
ne — (r ‘ 
d\n 


n° TT] 


d|n 


or equivalently 


The reader might (or, at any rate, should) have one lingering doubt concerning 
this equation. For it is by no means obvious that the left-hand side is always an 
integer. If t(n) is even, there is certainly no problem. When t(n) is odd, n turns out 
to be a perfect square (Problem 7, Section 6.1), say, n = m2; thus n™@/2 = m™), 
settling all suspicions. 

For a numerical example, the product of the five divisors of 16 (namely, 1, 2, 4, 
8, 16) is 

[] 4 = 1609? = 16°? = 4° = 1024 
d|16 

Multiplicative functions arise naturally in the study of the prime factorization 
of an integer. Before presenting the definition, we observe that 

t(2- 10) = 1(20) = 642-4=17(2)- 710) 
At the same time, 
a(2- 10) = 0 (20) = 42 43-18 = o(2)- o (10) 
These calculations bring out the nasty fact that, in general, it need not be true that 
T(mn) = t(m)t(n) and o(mn) = o(m)o(n) 


On the positive side of the ledger, equality always holds provided we stick to rela- 
tively prime m and n. This circumstance is what prompts Definition 6.2. 


Definition 6.2. A number-theoretic function f is said to be multiplicative if 
f(mn) = fim) f@) 


whenever gcd(m, n) = 1. 


For simple illustrations of multiplicative functions, we need only consider the 
functions given by f(n) = 1 and g(n) =n for all n > 1. It follows by induction 
that if f is multiplicative and n;, n2,...,n, are positive integers that are pairwise 
relatively prime, then 


f(nyn2---n-) = fm) f(n2)--> fr) 


Multiplicative functions have one big advantage for us: they are completely 
determined once their values at prime powers are known. Indeed, ifn > 1 is a given 
positive integer, then we can writen = pi ps --. p* in canonical form; because the 
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pi are relatively prime in pairs, the multiplicative property ensures that 


f(n) = f (Pi) f(x) F(Pr") 
If f is a multiplicative function that does not vanish identically, then there exists 
an integer n such that f(n) 4 0. But 
faa) = fa- Y= fmf 
Being nonzero, f(n) may be canceled from both sides of this equation to give 
f() = 1. The point to which we wish to call attention is that f(1) = 1 for any 


multiplicative function not identically zero. 
We now establish that t and o have the multiplicative property. 


Theorem 6.3. The functions t and o are both multiplicative functions. 


Proof. Let m and n be relatively prime integers. Because the result is trivially true if 
either m or n is equal to 1, we may assume that m > 1 andn > 1. If 


_. okt ok k, Font SITS: is 
m= P;' Po *** DP, and n=4q)4q ++i 


are the prime factorizations of m and n, then because gcd(m, n) = 1, no p; can occur 
among the q;. It follows that the prime factorization of the product mn is given by 


mn = pe re pi qi}! 2 git 
Appealing to Theorem 6.2, we obtain 
t(mn) = [(ki + 1)---(& + DIG + 1)--- Gs + DI 
= T(m)t(n) 
In a similar fashion, Theorem 6.2 gives 


= o(m)o(n) 


Thus, t and o are multiplicative functions. 


We continue our program by proving a general result on multiplicative functions. 
This requires a preparatory lemma. 


Lemma. If gcd(m,n) = 1, then the set of positive divisors of mn consists of all 
products d;d2, where d; |m, dz|n and gcd(d;, d) = 1; furthermore, these products 
are all distinct. 


ky ko k, 


Proof. It is harmless to assume that m > 1 and n > 1; let m = p;'p,’ --- p;” and 
n = qj'q3, -++q3' be their respective prime factorizations. Inasmuch as the primes 
Pis-++> Pro Q1s---> Qs are all distinct, the prime factorization of mn is 


k j 
mn = Pr eee pr qi! oe ae 
Hence, any positive divisor d of mn will be uniquely representable in the form 


d= ps..-puq?.-.g™ 0<4a,<k,0<b <j 
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This allows us to write d as d =djd2, where d; = a --+p* divides m and 


dz = qi ...q> divides n. Because no p; is equal to any g j» we surely must have 
gcd(d,, dz) = 1. 


A keystone in much of our subsequent work is Theorem 6.4. 


Theorem 6.4. If f is a multiplicative function and F is defined by 
Fn) =) > f@ 
d|n 


then F is also multiplicative. 


Proof. Let m and n be relatively prime positive integers. Then 


F(mn)= )° fd) 


d|mn 


=) fia) 
d,|m 
dq \|n 


because every divisor d of mn can be uniquely written as a product of a divisor d; of 
m and a divisor dz of n, where gcd(d;, d2) = 1. By the definition of a multiplicative 
function, 


f(didr) = fd) f@) 
It follows that 
F(mn) = > fd f@) 


d,|m 
d) |\\n 


= ( x ran) (x ro) 
d,|m d2\|n 
= F(m)F(n) 


It might be helpful to take time out and run through the proof of Theorem 6.4 
in a concrete case. Letting m = 8 and n = 3, we have 


F(8-3)= )/ f(d@) 

d | 24 

= FI) + FQ+ $B) + (4+ FO+ Ff) + f02)+ f24) 

= fQ- D+ f2@-1)+ fA-3)+ f4-)+ f2-3) 
+ f@-+ f4-3)+ fB-3) 

= FDS) + F@FA + [HFB)+ ALM + FOE) 
+ F@FA) + [AFB + FBS) 

= [f(D + f@+ 4+ FOLD + $B 


=)° f@)- >> fd) = F()F) 


d|8 d|3 
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Theorem 6.4 provides a deceptively short way of drawing the conclusion that 
t and o are multiplicative. 


Corollary. The functions t and o are multiplicative functions. 


Proof. We have mentioned that the constant function f(n) = 1 is multiplicative, as is 
the identity function f(n) = n. Because t and o may be represented in the form 


tm)=) 1 and of~)=)od 


d\n d|n 
the stated result follows immediately from Theorem 6.4. 


PROBLEMS 6.1 


1. Let m and n be positive integers and pj, p2,..., py be the distinct primes that divide at 
least one of m or n. Then m and n may be written in the form 


m= p'p®...p& — withk; > Ofori = 1,2,...,r 


n=p'p?...p — with j, > Ofori =1,2,...,7 
Prove that 


Uy, U2 VU Ve 


ged(m,n) = py' p++ p," — lem(m, n) = py! py’ ++ p,’ 
where u; = min {k;, j;}, the smaller of k; and j;; and v; = max {k;, j;}, the larger of k; 
. Use the result of Problem 1 to calculate gcd(12378, 3054) and Ilcm(12378, 3054). 
. Deduce from Problem 1 that gcd(m, n) lcm(m, n) = mn for positive integers m and n. 
4. In the notation of Problem 1, show that gcd(m,n) = 1 if and only if k;j; = 0 for 
iil (Pe) 2 
5. (a) Verify that r(n) = tin + 1) = tin + 2) = t(v + 3) holds for n = 3655 and 4503. 
(b) When n = 14, 206, and 957, show that o(n) = o(n + 1). 
6. For any integer n > 1, establish the inequality t(n) < 2./n. 
[Hint: If d | n, then one of d or n/d is less than or equal to ./n.] 
7. Prove the following. 
(a) t(n) is an odd integer if and only if n is a perfect square. 
(b) o(n) is an odd integer if and only if n is a perfect square or twice a perfect square. 
[Hint: If p is an odd prime, then 1 + p + p* + --- + p* is odd only when k is even.] 
8. Show that >> a\n 1/d = o(n)/n for every positive integer n. 
9. If is a square-free integer, prove that t(n) = 2”, where r is the number of prime divisors 
of n. 
10. Establish the assertions below: 
(a) Ifn = pi pe -.» p* is the prime factorization of n > 1, then 


: > (1-—) (1- =)... (1-<) 
a(n) Pi P2 Pr 


(b) For any positive integer n, 
a(n!) 1 1 


1 
Do fee es Cee eee 
ne te baal ok se 


Ww N 


1> 


[Hint: See Problem 8.] 
(c) Ifn > 1 is a composite number, then o(n) > n+ ./n. 
[Hint: Let d |n, where 1 < d <n,sol <n/d <n. Ifd < Jn, thenn/d > J/n.] 


11. 


12. 


13. 


14. 


15. 


16. 


17. 
18. 


19. 


20. 


21. 


22. 


NUMBER-THEORETIC FUNCTIONS 111 


Given a positive integer k > 1, show that there are infinitely many integers n for which 

t(n) = k, but at most finitely many n with o(n) = k. 

[Hint: Use Problem 10(a).] 

(a) Find the form of all positive integers n satisfying t(n) = 10. What is the smallest 
positive integer for which this is true? 

(b) Show that there are no positive integers n satisfying o(n) = 10. 
[Hint: Note that forn > 1, 0(n) > n.] 

Prove that there are infinitely many pairs of integers m and n with o(m?) = o(n?). 

[Hint: Choose k such that gcd(k, 10) = 1 and consider the integers m = 5k, n = 4k.] 

For k > 2, show each of the following: 

(a) n = 2‘! satisfies the equation o(n) = 2n — 1. 

(b) If 2 — 1 is prime, then n = 2*—1(2* — 1) satisfies the equation o(n) = 2n. 

(c) If 2* — 3 is prime, thenn = 2*—!(2* — 3) satisfies o(n) = 2n + 2. 

It is not known if there are any positive integers n for which o(n) = 2n + 1. 

If n and n + 2 are a pair of twin primes, establish that o(n + 2) = o(n) + 2; this also 

holds for n = 434 and 8575. 

(a) For any integer n > 1, prove that there exist integers n; and nz for which 
T(n1) + T(n2) =n. 

(b) Prove that the Goldbach conjecture implies that for each even integer 2n there exist 
integers n, and n2 with o(n;) + o(n2) = 2n. 

For a fixed integer k, show that the function f defined by f(n) = n* is multiplicative. 

Let f and g be multiplicative functions that are not identically zero and have the property 

that f(p") = g(p*) for each prime p and k > 1. Prove that f = g. 

Provethatif f and g are multiplicative functions, then so is their product fg and quotient 

f/g (whenever the latter function is defined). 

Let w(n) denote the number of distinct prime divisors of n > 1, with w(1) = 0. For 

instance, w(360) = w(23 - 3” - 5) = 3. 

(a) Show that 2° is a multiplicative function. 

(b) For a positive integer n, establish the formula 


tii) 


d|n 


For any positive integer n, prove that Me In t(dP = OS d\n t(d))’. . 
[Hint: Both sides of the equation in question are multiplicative functions of n, so that it 
suffices to consider the case n = p*, where p is a prime.] 


Given n > 1, let o,(n) denote the sum of the sth powers of the positive divisors of n; 
that is, 
0;(n) = > d* 
d|n 
Verify the following: 


(a) o9 = Tt ando, =o. 
(b) o; is a multiplicative function. 

[Hint: The function f, defined by f(n) = n°, is multiplicative. ] 
(c) Ifn = De pe .-» p* is the prime factorization of n, then 


pet) 4) [ pxetD 4 pte 4 
oA ei yd pela ema 
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23. For any positive integer n, show the following: 
(a) Yeain 7) = Vajnr/d)td). 
(b) oy) ,(n/d)o(d) = Yj), dt). 


[Hint: Because the functions 


F(n) = ) od) and = G(n)= 


d|n d|n 


t(d) 


w| 3 


are both multiplicative, it suffices to prove that F(p*) = G(p*) for any prime p.] 


6.2 THE MOBIUS INVERSION FORMULA 


We introduce another naturally defined function on the positive integers, the Mobius 
j.-function. 


Definition 6.3. For a positive integer n, define jz by the rules 


1 ifn = 1 
u(n) = 4 0 if p? |n for some prime p 
(-1y ifn = p\p2--- p;, where p; are distinct primes 


Put somewhat differently, Definition 6.3 states that j4(n) = O if n is not a square- 
free integer, whereas y(n) = (—1)’ if n is square-free with r prime factors. For 
example: (30) = w(2- 3-5) = (—1)° = —1. The first few values of jz are 


wMO)=1 w2)=—-1 wQ@)=—-1 w4)=0 uG)=—-1 vO)=1,... 


If p is a prime number, it is clear that (p) = —1; in addition, (p*) = 0 fork > 2. 
As the reader may have guessed already, the Mobius j-function is multiplicative. 
This is the content of Theorem 6.5. 


Theorem 6.5. The function y is a multiplicative function. 


Proof. We want to show that w(mn) = w(m)u(n), whenever m and n are rela- 
tively prime. If either p?|m or p?|n, p a prime, then p” | mn; hence, w(mn) = 0 = 
iL(m)(n), and the formula holds trivially. We therefore may assume that both m and 


n are square-free integers. Say, m = pj p2--+ Pr, N = 41q2--- qs, With all the primes 
p; and q; being distinct. Then 


w(mn) = W(pi- +: Prgi+++ Gs) = (—L)*5 


=(-1)(-1P = unum) 
which completes the proof. 


Let us see what happens if j1(d) is evaluated for all the positive divisors d of 


an integer n and the results are added. In the case where n = 1, the answer is easy; 
here, 


> #@) = w) = 1 


d|1 
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Suppose that n > 1 and put 
F(n) = >> wd) 
d|n 
To prepare the ground, we first calculate F(n) for the power of a prime, say,n = p*. 
The positive divisors of p* are just the k + 1 integers 1, p, p’, fees p*, so that 


F(p*) = Y° w(d) = wl) + w(p) + w(p?) + ++ + w(p*) 
d | pk 
= uw) + u(p)=1+(C-)=0 


Because pz is known to be a multiplicative function, an appeal to Theorem 6.4 is 


legitimate; this result guarantees that F also is multiplicative. Thus, if the canonical 


factorizationofnisn = ae Ds vee p* , then F'(n) is the product of the values assigned 


to F for the prime powers in this representation: 


F(n) = F(pi')F(py’) --- F (pyr) = 0 


We record this result as Theorem 6.6. 


Theorem 6.6. For each positive integer n > 1, 
1 ifn—1 
Yua={, ifn >1 
d|n 


where d runs through the positive divisors of n. 


For an illustration of this last theorem, consider n = 10. The positive divisors 
of 10 are 1, 2,5, 10 and the desired sum is 


> U(d) = Ww) + HQ) + WS) + “10) 
d|10 
=1+(-1)+(-1)+1=0 


The full significance of the Mobius j-function should become apparent with 
the next theorem. 


Theorem 6.7 Mobius inversion formula. Let F and f be two number-theoretic 
functions related by the formula 


Fn) = >>) f@) 
d|n 
Then 


fin) =) u@)F (5) = ou (5) F@ 


d|n d|n 


Proof. The two sums mentioned in the conclusion of the theorem are seen to be the 
same upon replacing the dummy index d by d’ = n/d; as d ranges over all positive 
divisors of n, so does d’. 
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Carrying out the required computation, we get 


3 Md)F (=)=)° (uo > ro) 


d|n c|(n/d) 


(1) 


— ( » was) 


d|n \c|(/d) 


It is easily verified that d | n and c | (n/d) if and only if c |n and d | (n/c). Because of 
this, the last expression in Eq. (1) becomes 


> > was) = D5 ye rom) 


d|n \c|(/d) c|n \d|(n/c) 


(2) 


= (i ~~ “) 


c|n d|(n/c) 


In compliance with Theorem 6.6, the sum )> dite w(d) must vanish except when 
n/c = 1 (that is, when n = c), in which case it is equal to 1; the upshot is that the 
right-hand side of Eq. (2) simplifies to 


> (r » “) => f@-:1 
c|n d|(n/c) c=n 
= f(n) 


giving us the stated result. 


Let us use n = 10 again to illustrate how the double sum in Eq. (2) is turned 
around. In this instance, we find that 


> ( ye wap) = w(1y[ fd) + f(2) + f6)+ fao)] 


d|10 \c|(10/d) 
+ nF) + fO1+ eOLFM + FQ] 
+ (10) fC) 
= fH) + w(2) + WS) + w0)] 
+ f(2)[u(1) + w(S5)] + Oe) + w2)] 
+ f(0)uC1) 


= »( ye rom) 


c|10 \d|(10/c) 


To see how the Mobius inversion formula works in a particular case, we remind 
the reader that the functions t and o may both be described as “sum functions”: 


t(n)=)°1 and o(n)=) od 


d|n d|n 
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Theorem 6.7 tells us that these formulas may be inverted to give 
n n 
i (=) ca and n= (=)ow 
d (=) rd) d u(>)od) 


which are valid for all n > 1. 

Theorem 6.4 ensures that if f is a multiplicative function, then so is F(n) = 
ye, in J (d). Turning the situation around, one might ask whether the multiplicative 
nature of F forces that of f. Surprisingly enough, this is exactly what happens. 


Theorem 6.8. If F is a multiplicative function and 
F(n)= > f@ 
d|n 


then f is also multiplicative. 


Proof. Let m and n be relatively prime positive integers. We recall that any divisor 
d of mn can be uniquely written as d = did, where d, | m, dz |n, and gcd(dj, do) = 1. 
Thus, using the inversion formula, 


fomn) = Y* uaF (=) 


d|mn 
mn 
= da y(dyd2)F (=) 
m i 
= pe y(d)) (do) F (+) F (=) 
m n 

= d,)F\— do) F | — 

par 1) (5) da >) (+) 
= f(m)f(n) 


which is the assertion of the theorem. Needless to say, the multiplicative character of 
uw and of F is crucial to the previous calculation. 


For n > 1, we define the sum 


M(n) = 97 Wk) 
k=1 
Then M(n) is the difference between the number of square-free positive integers 
k <n with an even number of prime factors and those with an odd number of prime 
factors. For example, M(9) = 2 — 4 = —2. In 1897, Franz Mertens (1840-1927) 
published a paper with a 50-page table of values of M(n) for n = 1, 2,..., 10000. 
On the basis of the tabular evidence, Mertens concluded that the inequality 


|M(n)| < J/n n> 1 


is “very probable.” (In the previous example, |M(9)| = 2 < /9.) This conclusion 
later became known as the Mertens conjecture. A computer search carried out in 
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1963 verified the conjecture for all n up to 10 billion. But in 1984, Andrew Odlyzko 
and Herman te Riele showed that the Mertens conjecture is false. Their proof, which 
involved the use of a computer, was indirect and produced no specific value of n 
for which |M(n)| > ./n; all it demonstrated was that such a number n must exist 
somewhere. Subsequently, it has been shown that there is a counterexample to the 
Mertens conjecture for at least one n < (3.21)10%. 


PROBLEMS 6.2 


1. 


. If the integer n > 1 has the prime factorization n = p;'p, 


(a) For each positive integer n, show that 


w(n)u(n + lun + 2)uU(n + 3) = 0 
(b) For any integer n > 3, show that )77_, w(k!) = 1. 


. The Mangoldt function A is defined by 


log p ifn = p*, where p is a prime and k > 1 
A(n) = 
0 otherwise 


Prove that A(n) = are w(n/d)logd = — ae u(d) log d. 
[Hint: First show that )°, jn A(d) = logn and then apply the Mobius inversion formula.] 
ky ko 


- Letn = py’ py --: p* be the prime factorization of the integern > 1. If f is a multiplica- 


tive function that is not identically zero, prove that 


Y | wd) fd) = 1 — f(py). — fp) + = fp) 


d|n 


[Hint: By Theorem 6.4, the function F defined by F(n) = 0, oe Ld) f (d) is multiplica- 
tive; hence, F'(n) is the product of the values F‘( pi ).] 
tt pk? ... pk, use Problem 3 to 
establish the following: 
(a) Vrain U@)t(d) = (-1Y. 
(b) Yeajn H@)o@) = (-1) pipe: Pr. 
(C) Vain M@)/d = (1 — 1/pi)0 — 1/p2)--- C1. — 1/p,). 
(d) doain Ged) = (1 — pi) — p2)--- (1 = pr). 


. Let S(n) denote the number of square-free divisors of n. Establish that 


S(n) =) lw@| = 2% 


d|n 


where @(n) is the number of distinct prime divisors of n. 
[Hint: S is a multiplicative function. ] 


. Find formulas for >> ain u?(d)/t(d) and > aie 7(d)/o(d) in terms of the prime factor- 


ization of n. 


. The Liouville d-function is defined by 4(1) = 1 and A(n) = (—1)*t+”*"+%, if the prime 


factorization of n > lisn = pi py tee pe: For instance, 


1360) ]1(2 #3? 5). = 1p Sey = 


(a) Prove that A is a multiplicative function. 
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(b) Given a positive integer n, verify that 


1 
yA) = 1G 


d|n 


if n = m? for some integer m 


otherwise 


8. For an integer n > 1, verify the formulas below: 
(@) Vain H@A) = 2°. 
(b) Dats Mn/d)2°@ = 1. 


6.3 THE GREATEST INTEGER FUNCTION 


The greatest integer or “bracket” function [ ] is especially suitable for treating di- 
visibility problems. Although not strictly a number-theoretic function, its study has 
a natural place in this chapter. 


Definition 6.4. For an arbitrary real number x, we denote by [x] the largest integer 
less than or equal to x; that is, [x] is the unique integer satisfying x — 1 < [x] < x. 


By way of illustration, [ ] assumes the particular values 
[-3/2}=-2 [V2]=1 [1/3]=0 [z]=3 [-2]=-4 


The important observation to be made here is that the equality [x] = x holds if 
and only if x is an integer. Definition 6.4 also makes plain that any real number x 
can be written as 


4 ape ted 


for a suitable choice of 0, with 0 < 6 < 1. 
We now plan to investigate the question of how many times a particular prime 
p appears in n!. For instance, if p = 3 andn = 9, then 
91=1-2-3-4-5-6-7-8-9 
= 27.34.5.7 
so that the exact power of 3 that divides 9! is 4. It is desirable to have a formula that 


will give this count, without the necessity of always writing n! in canonical form. 
This is accomplished by Theorem 6.9. 


Theorem 6.9. If is a positive integer and p a prime, then the exponent of the highest 
power of p that divides n! is 


k=1 
where the series is finite, because [n/p*] = 0 for p* > n. 


Proof. Among the first n positive integers, those divisible by p are p, 2p,..., tp, 
where f is the largest integer such that tp < n; in other words, ¢ is the largest integer 
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less than or equal to n/p (which is to say t = [n/p]). Thus, there are exactly [n/p] 
multiples of p occurring in the product that defines n!, namely, 


p.2p....[ "|p (1) 
p 


The exponent of p in the prime factorization of n! is obtained by adding to the 
number of integers in Eq. (1), the number of integers among 1, 2, ..., divisible by 
p’, and then the number divisible by p?, and so on. Reasoning as in the first paragraph, 
the integers between 1 and n that are divisible by p* are 


n 
DOB es =| pr (2) 
Pp 
which are [n/p] in number. Of these, [n/p?] are again divisible by p: 
n 
P28... []p (3) 


After a finite number of repetitions of this process, we are led to conclude that the total 
number of times p divides n! is 


This result can be cast as the following equation, which usually appears under 
the name of the Legendre formula: 


n! = I] preiln/P) 


psn 


Example 6.2. We would like to find the number of zeros with which the decimal 
representation of 50! terminates. In determining the number of times 10 enters into the 
product 50!, it is enough to find the exponents of 2 and 5 in the prime factorization of 
50!, and then to select the smaller figure. 

By direct calculation we see that 


[50/2] + [50/22] + [50/23] + [50/24] + [50/25] 
= 25+4+12+6+3+1 
= 47 


Theorem 6.9 tells us that 2*” divides 50!, but 2*° does not. Similarly, 
[50/5] + [50/57] = 10+ 2 = 12 


and so the highest power of 5 dividing 50! is 12. This means that 50! ends with 12 
Zeros. 


We cannot resist using Theorem 6.9 to prove the following fact. 
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Theorem 6.10. If n and r are positive integers with 1 <r <n, then the binomial 
coefficient 

n n!} 

r) rin—r)! 


Proof. The argument rests on the observation that if a and b are arbitrary real numbers, 
then [a + b] > [a] + [b]. In particular, for each prime factor p of r!(n — r)!, 


n r (n —Tr) 
ale[al [2] 12 


Adding these inequalities, we obtain 


> [s]2o[4]+[S7| (1) 


bai bP ke1 LP kel P 


is also an integer. 


The left-hand side of Eq. (1) gives the exponent of the highest power of the prime 
p that divides n!, whereas the right-hand side equals the highest power of this prime 
contained in r!(n — r)!. Hence, p appears in the numerator of n!/r!(n — r)! at least 
as many times as it occurs in the denominator. Because this holds true for every prime 
divisor of the denominator, r!(n — r)! must divide n!, making n!/r!(m — r)! an integer. 


Corollary. For a positive integer r, the product of any r consecutive positive integers 

is divisible by r!. 

Proof. The product of r consecutive positive integers, the largest of which is n, is 
n(n — 1)(n — 2)---(1—rt]1) 


Now we have 


n! 
na Vela rt = (A) 


rin—r)! 


Because n!/r!(n —r)! is an integer by the theorem, it follows that r! must divide the 
product n(n — 1)---(n —r + 1), as asserted. 


We pick up a few loose threads. Having introduced the greatest integer function, 
let us see what it has to do with the study of number-theoretic functions. Their 
relationship is brought out by Theorem 6.11. 


Theorem 6.11. Let f and F be number-theoretic functions such that 


Fan) =>) f@ 


d|n 


Then, for any positive integer NV, 


N N N 
> FQ) = >> f® B 
n=1 k=1 
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Proof. We begin by noting that 


N N 
DUE es Ie (1) 
n=1 n=1 d\|n 


The strategy is to collect terms with equal values of f(d) in this double sum. For a 
fixed positive integer k < N, the term f(k) appears in > a\n J (d) if and only if k is 
a divisor of n. (Because each integer has itself as a divisor, the right-hand side of Eq. 
(1) includes f(k), at least once.) Now, to calculate the number of sums )°, ie f(d) in 
which f(k) occurs as a term, it is sufficient to find the number of integers among 1, 
2,...,N, which are divisible by k. There are exactly [NV /k] of them: 


ks 2k, 3k... | Tk 
k 


Thus, for each k such that 1 < k < N, f(k)is aterm of the sum ae fd) for [N/k] 
different positive integers less than or equal to NV. Knowing this, we may rewrite the 
double sum in Eq. (1) as 


n=1 k=1 


N N N 

d)= k)j— 
rdf j= |Z] 
and our task is complete. 


As an immediate application of Theorem 6.11, we deduce Corollary 1. 


Corollary 1. If N is a positive integer, then 


Proof. Noting that t(n) = }/4), 1, we may write t for F and take f to be the constant 
function f(”) = 1 for all n. 


In the same way, the relation o(n) = )), ind yields Corollary 2. 


Corollary 2. If N is a positive integer, then 


These last two corollaries, can perhaps, be clarified with an example. 


Example 6.3. Consider the case N = 6. The definition of t tells us that 
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From Corollary 1, 


°\ 76 
- |< | = [6] + [3] + [2] + [3/2] + [6/5] + [1] 


n=1 
=64+3+2+141+41 
=14 


as it should. In the present case, we also have 


6 
633 
n=1 


and a simple calculation leads to 


6 
yo H = 1[6] + 2[3] + 3[2] + 4[3/2] + 5[6/5] + 6[1] 
n=1 


=1-64+2-343-24+4-14+5-1+6-1 
= 33 


PROBLEMS 6.3 


1. 


2. 


WwW 


6. 


Given integers a and b > 0, show that there exists a unique integer r with O<r<b 
satisfying a = [a/b]b +r. 
Let x and y be real numbers. Prove that the greatest integer function satisfies the following 
properties: 
(a) [x +n] = [x] + x for any integer n. 
(b) [x] + [—x] = 0 or —1, according as x is an integer or not. 
[Hint: Write x = [x] + 0, withO < 6 < 1, so that —x = —[x]—1+( —- 8).] 
(c) [x] + Ly] < [x + y] and, when x and y are positive, [x][y] < [xy]. 
(d) [x/n] = [[x]/n] for any positive integer n. 
[Hint: Let x/n = [x/n] + 6, where 0 < 6 < 1; then [x] = n[x/n] + [n0].] 
(e) [nm/k] => n[m/k] for positive integers, n, m, k. 
(f) [x] + [y] + [* + y] < [2x] + [2y]. 
[Hint: Letx = [x] + 0,0 <6 < 1, and y = [y] + 0’,0 < 0’ < 1. Consider cases in 
which neither, one, or both of 6 and 6’ are greater than or equal to +. 


. Find the highest power of 5 dividing 1000! and the highest power of 7 dividing 2000!. 
. For an integer n > 0, show that [n/2] — [—n/2] =n. 
. (a) Verify that 1000! terminates in 249 zeros. 


(b) For what values of n does n! terminate in 37 zeros? 
Ifn > 1 and p is a prime, prove that 
(a) (2n)!/(n!) is an even integer. 
[Hint: Use Theorem 6.10.] 
(b) The exponent of the highest power of p that divides (2n)!/(n !)* is 


> (Ll zl) 


(c) In the prime factorization of (2n)!/ (n!)? the exponent of any prime p such that 
n < p < 2n is equal to 1. 
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7. Let the positive integer n be written in terms of powers of the prime p so that we have 
n=ayp* +---+a,p* +.a,p + ao, where 0 < a; < p. Show that the exponent of the 
highest power of p appearing in the prime factorization of n! is 

n— (ar +-++++a2 +a, + a) 
p-1l 

8. (a) Using Problem 7, show that the exponent of highest power of p dividing (p* — 1)! 
is [p* —(p — Dk — 1]/(p — 1). 
[Hint: Recall the identity p* — 1 = (p— 1)(p*!4+.---+ p?+p4+).] 

(b) Determine the highest power of 3 dividing 80! and the highest power of 7 dividing 

2400!. 
[Hint: 2400 = 7* — 1.] 

9. Find an integer n > 1 such that the highest power of 5 contained in n! is 100. 

[Hint: Because the sum of coefficients of the powers of 5 needed to express n in the base 
5 is at least 1, begin by considering the equation (n — 1)/4 = 100.] 
10. Given a positive integer NV, show the following: 
(a) Dyk H(M)LN/n] = 1. 
(b) | ai H(n)/n| < 1. 
11. Illustrate Problem 10 in the case where N = 6. 
12. Verify that the formula 


S340 B = [VN] 


holds for any positive integer NV. 
[Hint: Apply Theorem 6.11 to the multiplicative function F(n) = )°, in A(d), noting that 
there are [,/n] perfect squares not exceeding n.] 
13. If N is a positive integer, establish the following: 
(a) N = ON rn) — 0" [2N/n. 
(b) c(N) = DL (IN /n] — [(N — 1)/n). 


6.4 AN APPLICATION TO THE CALENDAR 


Our familiar calendar, the Gregorian calendar, goes back as far as the second half 
of the 16th century. The earlier Julian calendar, introduced by Julius Caesar, was 
based on a year of 3654 days, with a leap year every fourth year. This was not a 
precise enough measure, because the length of a solar year—the time required for 
the earth to complete an orbit about the sun—is apparently 365.2422 days. The small 
error meant that the Julian calendar receded a day from its astronomical norm every 
128 years. 

By the 16th century, the accumulating inaccuracy caused the vernal equinox 
(the first day of Spring) to fall on March 11 instead of its proper day, March 21. 
The calendar’s inaccuracy naturally persisted throughout the year, but at this season 
it meant that the Easter festival was celebrated at the wrong astronomical time. 
Pope Gregory XIII rectified the discrepancy in a new calendar, imposed on the 
predominantly Catholic countries of Europe. He decreed that 10 days were to be 
omitted from the year 1582, by having October 15 of that year immediately follow 
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October 4. At the same time, the Jesuit mathematician Christopher Clavius amended 
the scheme for leap years: these would be years divisible by 4, except for those 
marking centuries. Century years would be leap years only if they were divisible by 
400. (For example, the century years 1600 and 2000 are leap years, but 1700, 1800, 
1900, and 2100 are not.) 

Because the edict came from Rome, Protestant England and her possessions— 
including the American colonies—resisted. They did not officially adopt the Gre- 
gorian calendar until 1752. By then it was necessary to drop 11 days in September 
from the Old Style, or Julian, calendar. So it happened that George Washington, who 
was born on February 11, 1732, celebrated his birthday as an adult on February 272. 
Other nations gradually adopted the reformed calendar: Russia in 1918, and China 
as late as 1949. 

Our goal in the present section is to determine the day of the week for a given 
date after the year 1600 in the Gregorian calendar. Because the leap year day is added 
at the end of February, let us adopt the convenient fiction that each year ends at the 
end of February. According to this plan, in the Gregorian year Y March and April 
are counted as the first and second months. January and February of the Gregorian 
year Y + 1 are, for convenience, counted as the eleventh and twelfth months of the 
year Y. 

Another convenience is to designate the days of the week, Sunday through 
Saturday, by the numbers 0, 1, ..., 6: 


Sun Mon Tue Wed Thu Fri Sat 
0 1 Z 3 4 5 6 


The number of days in a common year is 365 = 1 (mod 7), whereas in leap 
years there are 366 = 2 (mod 7) days. Because February 28 is the 365th day of the 
year, and 365 = 1 (mod 7), February 28 always falls on the same weekday as the 
previous March 1. Thus if a particular March 1 immediately follows February 28, 
its weekday number will be one more, modulo 7, than the weekday number of the 
previous March 1. But if it follows a leap year day, February 29, its weekday number 
will be increased by two. 

For instance, if Dj6099 is the weekday number for March 1, 1600, then March 1 
in the years 1601, 1602, and 1603 has numbers congruent modulo 7 to Dj699 + 1, 
D600 + 2, and Dj600 + 3, respectively; but the number corresponding to March 1, 
1604 is Dj609 + 5 (mod 7). 

We can summarize this: the weekday number Dy for March 1 of any year 
Y > 1600 will satisfy the congruence 


Dy = Dj600 + (Y — 1600) + L (mod 7) (1) 


where L is the number of leap year days between March 1, 1600, and March 1 of 
the year Y. 

Let us first find L, the number of leap year days between 1600 and the year Y. 
To do this, we count the number of these years that are divisible by 4, deduct the 
number of century years, and then add back the number of century years divisible by 
400. According to Problem 2(a) of Section 6.3, [x — a] = [x] — a whenever a is an 
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integer. Hence the number of years n in the interval 1600 < n < Y that are divisible 


by 4 is given by 
Y — 1600 Y Y 
—— | = | — — 400| = | — | — 400 
re 


Likewise, the number of elapsed century years is 


Y— 
1600 = Y _ ies ule 16 
100 100 100 


whereas among those there are 


yY—1600] [ Y Ae Y ; 
400 ~ | 400 ~ | 400 


century years that are divisible by 400. Taken together, these statements yield 
r ¥ Y 
=(|—|-4 —{|}—]/-1 —|-4 
= ([7]-9) - ([ ima] -29)+ (an |-4) 
aks z ole z 388 
14 100 400 


Let us obtain, for a typical example, the number of leap years between 1600 and 
1995. We compute: 


L = [1995/4] — [1995/100] + [1995/400] — 388 
= 498 — 19+ 4 — 388 = 95 


Together with congruence (1), this allows us to find a value for Dj699. Days 
and dates of recent years can still be recalled; we can easily look up the weekday 
(Wednesday) for March 1, 1995. That is, Dj995 = 3. Then from (1), 


3= Dy 600 cae (1995 = 1600) ats 95 = D600 (mod 7) 


and so March 1, 1600, also occurred on a Wednesday. The congruence giving the 
day of the week for March 1 in any year Y may now be reformulated as 


Dy =3+(Y — 1600) + L (mod 7) (2) 
An alternate formula for L comes from writing the year Y as 
Y= 100c+ y 0< y < 100 


where c denotes the number of centuries and y the year number within the century. 
Upon substitution, the previous expression for L becomes 
y y Cc y 
t= [eee tle dl ods) 
nr OT ang ae 4* 200 388 


y Cc 
— 24 [=| [| — 388 
Ca: 4 ae A 
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(Notice that [y/100] = 0 and y/400 < 7) Then the congruence for Dy appears as 


Dy =3+(100c + y — 1600) + 24¢ + [z Fe [S| — 388 (mod 7) 
which reduces to 
Cc 


|+ a (mod 7) (3) 


Example 6.4 We can use the latest congruence to calculate the day of the week on 
which March 1, 1990, fell. For this year, c = 19 and y = 90 so that (3) gives 


Dj900 = 3 — 38 + 90 + [19/4] + [90/4] 
= 55+4+422 =4 (mod 7) 


March 1 was on a Thursday in 1990. 


We move on to determining the day of the week on which the first of each month 
of the year would fall. Because 30 = 2 (mod 7), a 30-day month advances by two 
the weekday on which the next month begins. A 31-day month increases it by 3. So, 
for example, the number of June 1 will always be 3 + 2+ 3 = 1 (mod 7) greater 
than that of the preceding March 1 because March, April, and May are months of 
31, 30, and 31 days, respectively. The table below gives the value that must be added 
to the day-number of March 1 to arrive at the number of the first day of each month 
in any year Y. 


March 0 September 2 

April 3 October 4 

May 5 November 0 

June 1 December 2 

July 3 January 5) 

August 6 February 1 
Form = 1,2,..., 12, the expression 


[(2.6)m — 0.2] — 2 (mod 7) 


produces the same monthly increases as indicated by the table. Thus the number of 
the first day of the mth month of the year Y is given by 


Dy + [(2.6)m — 0.2] — 2 (mod 7) 
Taking December 1, 1990, as an example, we have 
Dyjo90 + [(2.6)10 — 0.2] - 2 = 4+ 25 — 2 = 6 (mod 7) 


that is, the first of December in 1990 fell on a Saturday. 
Finally, the number w of day d, month m, year Y = 100c + y is determined 
from congruence 


w =(d —1)+ Dy + [(2.6)m — 0.2] — 2 (mod 7) 
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We can use Eq. (3) to recast this: 


Cc 


| - Fa (mod 7) (4) 


We summarize the results of this section in the following theorem. 


w =d+[2.6m —0.2]-2¢+y+| 


Theorem 6.12. The date with month m, day d, year Y = 100c + y wherec > 16 and 
0 < y < 100, has weekday number 

c 
4 
provided that March is taken as the first month of the year and January and February 


are assumed to be the eleventh and twelfth months of the previous year. 
Let us give an example using the calendar formula. 


+ =d+[2.6)m —0.2]-2¢ + +[ |+[4] (mod 7) 


Example 6.5. On what day of the week will January 14, 2020, occur? 
In our convention, January of 2020 is treated as the eleventh month of the year 
2019. The weekday number corresponding to its fourteenth day is computed as 


w = 144+ [(2.6)11 — 0.2] — 40 + 19 + [20/4] + [19/4] 
= 14+4+28-40+19+5+4 =2 (mod7) 


We conclude that January 14, 2020, will take place on a Tuesday. 
An interesting question to ask about the calendar is whether every year contains a 
Friday the thirteenth. Phrased differently, does the congruence 
c 


“J+ [2] oa 


hold for each year Y = 100c + y? Notice that the expression [(2.6)m — 0.2] assumes, 
modulo 7, each of the values 0, 1, ... , 6 as m varies from 3 to 9—-values corresponding 
to the months May through November. Hence there will always be a month for which 
the indicated congruence is satisfied: in fact, there will always be a Friday the thirteenth 
during these seven months of any year. For the year 2022, as an example, the Friday 
the thirteenth congruence reduces to 


0 = [(2.6)m — 0.2] (mod 7) 


5 = 13 +[(2.6)m-0.2)-2+y+| 


which holds when m = 3. In 2022, there is a Friday the thirteenth in May. 


PROBLEMS 6.4 


1. Find the number n of leap years such that 1600 < n < Y, when 
(a) Y = 1825. 
(b) Y = 1950. 
(c) Y = 2075. 
. Determine the day of the week on which you were born. 
. Find the day of the week for the important dates below: 
(a) November 19, 1863 (Lincoln’s Gettysburg Address). 
(b) April 18, 1906 (San Francisco earthquake). 
(c) November 11, 1918 (Great War ends). 
(d) October 24, 1929 (Black Day on the New York stock market). 


wn 
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(e) June 6, 1944 (Allies land in Normandy). 
(f) February 15, 1898 (Battleship Maine blown up). 
4. Show that days with the identical calendar date in the years 1999 and 1915 fell on the 
same day of the week. 
[Hint: If W, and W2 are the weekday numbers for the same date in 1999 and 1915, 
respectively, verify that W; — W2 = 0 (mod 7).] 
5. For the year 2010, determine the following: 
(a) the calendar dates on which Mondays will occur in March. 
(b) the months in which the thirteenth will fall on a Friday. 
6. Find the years in the decade 2000 to 2009 when November 29 is on a Sunday. 
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CHAPTER 


7 


EULER’S GENERALIZATION OF 
FERMAT’S THEOREM 


Euler calculated without apparent effort, just as men breathe, as 
eagles sustain themselves in the air. 
ARAGO 


7.1 LEONHARD EULER 


The importance of Fermat’s work resides not so much in any contribution to the 
mathematics of his own day, but rather in its animating effect on later generations 
of mathematicians. Perhaps the greatest disappointment of Fermat’s career was his 
inability to interest others in his new number theory. A century was to pass before a 
first-class mathematician, Leonhard Euler (1707-1783), either understood or appre- 
ciated its significance. Many of the theorems announced without proof by Fermat 
yielded to Euler’s skill, and it is likely that the arguments devised by Euler were not 
substantially different from those that Fermat said he possessed. 

The key figure in 18th century mathematics, Euler was the son of a Lutheran 
pastor who lived in the vicinity of Basel, Switzerland. Euler’s father earnestly wished 
him to enter the ministry and sent his son, at the age of 13, to the University of Basel to 
study theology. There the young Euler met Johann Bernoulli—then one of Europe’s 
leading mathematicians—and befriended Bernoulli’s two sons, Nicolaus and Daniel. 
Within a short time, Euler broke off the theological studies that had been selected for 
him to address himself exclusively to mathematics. He received his master’s degree 
in 1723, and in 1727 at the age of 19, he won a prize from the Paris Academy of 
Sciences for a treatise on the most efficient arrangement of ship masts. 
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Leonhard Euler 
(1707-1783) 


(Dover Publications, Inc.) 


Where the 17th century had been an age of great amateur mathematicians, the 
18th century was almost exclusively an era of professionals—university professors 
and members of scientific academies. Many of the reigning monarchs delighted in 
regarding themselves as patrons of learning, and the academies served as the in- 
tellectual crown jewels of the royal courts. Although the motives of these rulers 
may not have been entirely philanthropic, the fact remains that the learned societies 
constituted important agencies for the promotion of science. They provided salaries 
for distinguished scholars, published journals of research papers on a regular ba- 
sis, and offered monetary prizes for scientific discoveries. Euler was at different 
times associated with two of the newly formed academies, the Imperial Academy at 
St. Petersburg (1727-1741; 1766-1783) and the Royal Academy in Berlin (1741- 
1766). In 1725, Peter the Great founded the Academy of St. Petersburg and at- 
tracted a number of leading mathematicians to Russia, including Nicolaus and Daniel 
Bernoulli. On their recommendation, an appointment was secured for Euler. Because 
of his youth, he had recently been denied a professorship in physics at the Univer- 
sity of Basel and was only too ready to accept the invitation of the Academy. In 
St. Petersburg, he soon came into contact with the versatile scholar Christian 
Goldbach (of the famous conjecture), a man who subsequently rose from professor 
of mathematics to Russian Minister of Foreign Affairs. Given his interests, it seems 
likely that Goldbach was the one who first drew Euler’s attention to the work of 
Fermat on the theory of numbers. 

Euler eventually tired of the political repression in Russia and accepted the call 
of Frederick the Great to become a member of the Berlin Academy. The story is told 
that, during a reception at Court, he was kindly received by the Queen Mother who 
inquired why so distinguished a scholar should be so timid and reticent; he replied, 
“Madame, it is because I have just come from a country where, when one speaks, 
one is hanged.” However, flattered by the warmth of the Russian feeling toward him 
and unendurably offended by the contrasting coolness of Frederick and his court, 
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Euler returned to St. Petersburg in 1766 to spend his remaining days. Within two or 
three years of his return, Euler became totally blind. 

However, Euler did not permit blindness to retard his scientific work; aided by 
a phenomenal memory, his writings grew to such enormous proportions as to be 
virtually unmanageable. Without a doubt, Euler was the most prolific writer in the 
entire history of mathematics. He wrote or dictated over 700 books and papers in his 
lifetime and left so much unpublished material that the St. Petersburg Academy did 
not finish printing all his manuscripts until 47 years after his death. The publication 
of Euler’s collected works was begun by the Swiss Society of Natural Sciences in 
1911: it is estimated that more than 75 large volumes will ultimately be required for 
the completion of this monumental project. The best testament to the quality of these 
papers may be the fact that on 12 occasions they won the coveted biennial prize of 
the French Academy in Paris. 

During his stay in Berlin, Euler acquired the habit of writing memoir after 
memoir, placing each when finished at the top of a pile of manuscripts. Whenever 
material was needed to fill the Academy’s journal, the printers helped themselves 
to a few papers from the top of the stack. As the height of the pile increased more 
rapidly than the demands made upon it, memoirs at the bottom tended to remain in 
place a long time. This explains how it happened that various papers of Euler were 
published, when extensions and improvements of the material contained in them had 
previously appeared in print under his name. We might also add that the manner in 
which Euler made his work public contrasts sharply with the secrecy customary in 
Fermat’s time. 


7.2 KULER’S PHI-FUNCTION 


This chapter deals with that part of the theory arising out of the result known as Euler’s 
Generalization of Fermat’s Theorem. In a nutshell, Euler extended Fermat’s theorem, 
which concerns congruences with prime moduli, to arbitrary moduli. While doing so, 
he introduced an important number-theoretic function, described in Definition 7.1. 


Definition 7.1. Form > 1, let é(n) denote the number of positive integers not exceeding 
n that are relatively prime to n. 


As an illustration of the definition, we find that (30) = 8; for, among the 
positive integers that do not exceed 30, there are eight that are relatively prime to 30; 
specifically, 

Lear ele sles T2329 
Similarly, for the first few positive integers, the reader may check that 


(1) = 1, 62) = 1, G3) = 2, G4) = 2, (5) = 4, 
o(6) = 2, (7) = 6,... 
Notice that ¢(1)=1, because gcd(1,1)=1. In the event n> 1, then 


gcd(n,n) = n #1, so that @(n) can be characterized as the number of integers 
less than n and relatively prime to it. The function ¢ is usually called the Euler 
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phi-function (sometimes, the indicator or totient) after its originator; the functional 
notation ¢(n), however, is credited to Gauss. 

If n is a prime number, then every integer less than n is relatively prime to 
it; whence, @(n) = n — 1. On the other hand, if n > 1 is composite, then n has a 
divisor d such that 1 < d < n. It follows that there are at least two integers among 
1, 2, 3,..., that are not relatively prime to n, namely, d and n itself. As a result, 
o(n) < n — 2. This proves that forn > 1, 


o(n)=n-1 if and only if n is prime 


The first item on the agenda is to derive a formula that will allow us to calculate 
the value of ¢(n) directly from the prime-power factorization of n. A large step in 
this direction stems from Theorem 7.1. 


Theorem 7.1. If p is a prime and k > 0, then 


1 
o(p*) = p* — p*" = p* (1 - -) 
p 


Proof. Clearly, gcd(n, p*) = 1 if and only if p J n. There are p*~! integers between 
1 and p* divisible by p, namely, 


Pp sho” Op 


Thus, the set {1,2,..., pe } contains exactly p* — pe integers that are relatively 
prime to p*, and so by the definition of the phi-function, ¢(p*) = p* — p*"!. 


For an example, we have 
$9) = 6B’) = 37 -3 =6 


the six integers less than and relatively prime to 9 being 1, 2, 4, 5, 7, 8. To give a 
second illustration, there are 8 integers that are less than 16 and relatively prime to 
it; they are 1, 3, 5, 7, 9, 11, 13, 15. Theorem 7.1 yields the same count: 


$(16) = $(2*) = 24-2? = 16-8 =8 


We now know how to evaluate the phi-function for prime powers, and our aim 
is to obtain a formula for ¢(n) based on the factorization of n as a product of primes. 
The missing link in the chain is obvious: show that @ is a multiplicative function. 
We pave the way with an easy lemma. 


Lemma. Given integers a, b, c, gcd(a, bc) = 1 if and only if gcd(a, b) = 1 and 
gcd(a,c) = 1. 


Proof. First suppose that gcd(a, bc) = 1, and put d = gcd(a, b). Thend |a andd |b, 
whence d | a and d | bc. This implies that gcd(a, bc) > d, which forces d = 1. Similar 
reasoning gives rise to the statement gcd(a, c) = 1. 

For the other direction, take gcd(a,b) = 1=  gcd(a,c) and assume that 
gcd(a, bc) = d, > 1. Then d; must have a prime divisor p. Because d | bc, it follows 
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that p | bc; in consequence, p|b or p|c. If p|b, then (by virtue of the fact that p | a) 
we have gcd(a, b) > p, a contradiction. In the same way, the condition p|c leads 
to the equally false conclusion that gcd(a, c) > p. Thus, d; = 1 and the lemma is 
proven. 


Theorem 7.2. The function ¢ is a multiplicative function. 


Proof. It is required to show that d(mn) = ¢(m)d(n), wherever m and n have no 
common factor. Because (1) = 1, the result obviously holds if either m or n equals 
1. Thus, we may assume that m > 1 andn > 1. Arrange the integers from 1 to mn in 
m columns of n integers each, as follows: 


1 9 oe r Song 
m+1 m+2 mtr 2m 


2m+1 2m +2 2n+r 3m 


G2 ne Ce ES) aq ies i 


We know that @(mn) is equal to the number of entries in this array that are relatively 
prime to mn; by virtue of the lemma, this is the same as the number of integers that 
are relatively prime to both m and n. 

Before embarking on the details, it is worth commenting on the tactics to be 
adopted: because gcd(qm + r,m) = gcd(r, m), the numbers in the rth column are 
relatively prime to m if and only if 7 itself is relatively prime to m. Therefore, only 
@(m) columns contain integers relatively prime to m, and every entry in the column 
will be relatively prime to m. The problem is one of showing that in each of these 
oé(m) columns there are exactly ¢(n) integers that are relatively prime to n; for then 
altogether there would be ¢(m)@(n) numbers in the table that are relatively prime to 
both m and n. 

Now the entries in the rth column (where it is assumed that gcd(r, m) = 1) are 


rm+r,2mt+r,...,a—lm+r 
There are n integers in this sequence and no two are congruent modulo n. Indeed, if 
km+r=jm+r (modn) 


with 0 < k < j <n, it would follow that km = jm (mod n). Because gcd(m, n) = 1, 
we could cancel m from both sides of this congruence to arrive at the contradiction 
that k = j (mod n). Thus, the numbers in the rth column are congruent modulo n to 
0, 1,2,...,2—1,1n some order. But if s = ¢t (mod n), then gced(s, n) = 1 if and only 
if gcd(t, n) = 1. The implication is that the rth column contains as many integers that 
are relatively prime to n as does the set {0, 1, 2,...,— 1}, namely, @(7) integers. 
Therefore, the total number of entries in the array that are relatively prime to both m 
and n is 6(m)(n). This completes the proof of the theorem. 


With these preliminaries in hand, we now can prove Theorem 7.3. 
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Theorem 7.3. If the integern > 1 has the prime factorizationn = py De: .»» p&, then 


o(n) = (pt — pi) (oP - aR) (oi - pk) 


1 1 1 
=n(1——]|[1-—]---(1-— 
Pi P2 Pr 
Proof. We intend to use induction on r, the number of distinct prime factors of n. By 


Theorem 7.1, the result is true for 7 = 1. Suppose that it holds for r = i. Because 


i+] 


kik 
ged (pi! py Pi Pepe) = 


the definition of multiplicative function gives 


kj i k; U 
@ (pit pi) pitt) = (pip) 4 (i) 
ki i Ki41—1 
= 6 (pit + 2) (eit — pit) 


Invoking the induction assumption, the first factor on the right-hand side becomes 


o (pity? pl') = (pt! — pi!) (p? = pet) (ei = pf) 


and this serves to complete the induction step and with it the proof. 


Example 7.1. Let us calculate the value ¢(360), for instance. The prime-power de- 
composition of 360 is 23 . 32 . 5, and Theorem 7.3 tells us that 


360) = 360 | 1 : 1 : 1 : 
#60) = 360(1-5) (1-3) (1-5) 


BT eet aa 
2 oS 
The sharp-eyed reader will have noticed that, save for #(1) and #(2), the values of 


o(n) in our examples are always even. This is no accident, as the next theorem shows. 


Theorem 7.4. For > 2, d(n) is an even integer. 


Proof. First, assume that n is a power of 2, let us say that n = 2*, with k > 2. By 
Theorem 7.3, 


o(n) = 62") = 2 (1 : ;) = 21 


an even integer. If n does not happen to be a power of 2, then it is divisible by an 
odd prime p; we therefore may write n asn = p*m, where k > 1 and gcd(p*, m) = 1. 
Exploiting the multiplicative nature of the phi-function, we obtain 


o(n) = 6(p*)o(m) = p*'(p — 1)6(m) 


which again is even because 2| p — 1. 


We can establish Euclid’s theorem on the infinitude of primes in the following 
new way. As before, assume that there are only a finite number of primes. Call them 
P1, P2,---, Pr and consider the integern = p,p2--- p,. We argue thatif1 <a <n, 
then gcd(a, n) # 1. For, the Fundamental Theorem of Arithmetic tells us that a has 
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a prime divisor q. Because p), p2,..., py are the only primes, g must be one of 
these p;, whence g | n; in other words, gcd(a, n) > q. The implication of all this is 
that @(n) = 1, which clearly is impossible by Theorem 7.4. 


PROBLEMS 7.2 


CO 


10. 


11. 


12. 


1. Calculate 6(1001), (5040), and #(36,000). 
2. 
3. Show that the integers m = 3*- 568 and n=3*- 638, where k > 0, satisfy 


Verify that the equality ¢(7) = d(n + 1) = d(n + 2) holds when n = 5186. 


simultaneously 


t(m) = t(n), o(m)=o(n),and = p(m) = on) 


. Establish each of the assertions below: 


(a) If is an odd integer, then @(2n) = (n). 

(b) If x is an even integer, then @(2n) = 2¢(n). 

(c) 6(3n) = 3¢(n) if and only if 3 |x. 

(d) @(3n) = 2(n) if and only if 3 J n. 

(e) o(n) = n/2 if and only if n = 2* for some k > 1. 
[Hint: Write n = 2*N, where N is odd, and use the condition ¢(n) = n/2 to show 
that N = 1.] 


. Prove that the equation @(n) = ¢(n + 2) is satisfied by n = 2(2p — 1) whenever p and 


2p — 1 are both odd primes. 


. Show that there are infinitely many integers n for which ¢(7) is a perfect square. 


[Hint: Consider the integers n = 27*+! fork = 1,2,....] 


. Verify the following: 


(a) For any positive integer n, 5 n < o(n) <n. 
[Hint: Writen = 2" pit .-. p& sog(n) = Gia, ae -»» p&p) — 1)+++(p, — 1). 
Now use the inequalities p—1> /p and k— 5 >k/2 to obtain d(n) > 
dhol phil? pr /2 J 

(b) If the integer n > 1 has r distinct prime factors, then @(n) > n/2’. 

(c) Ifn > 1 is a composite number, then @(n) < n — J/n. 
[Hint: Let p be the smallest prime divisor of n, so that p<. /n. Then 


$(n) <n(1 —1/p).] 


. Prove that if the integer n has r distinct odd prime factors, then 2” | d(7). 
. Prove the following: 


(a) If n and n + 2 are a pair of twin primes, then ¢(m + 2) = o(n) + 2; this also holds 
forn = 12, 14, and 20. 

(b) If p and 2p + 1 are both odd primes, then n = 4p satisfies O(n + 2) = d(n) + 2. 

If every prime that divides n also divides m, establish that 6(nm) = n@(m); in particular, 

o(n7) = nd(n) for every positive integer n. 

(a) If (nm) |n — 1, prove that n is a square-free integer. 
[Hint: Assume that n has the prime factorization n = pi! ps? --- p*, where k, > 2. 
Then p; | $(7), whence p; |n — 1, which leads to a contradiction. ] 

(b) Show that if n = 2* or 2*3/, with k and j positive integers, then #(n) | n. 


Ifn = pe De ... p*, derive the following inequalities: 


(a) o(n)b(n) = n?(1 — 1/p7)1. — 1/p3)--- (1. — 1/37). 
(b) t(n)P(n) > n. 
[Hint: Show that t(n)b(n) > 2” - n(1/2)".] 
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13. 


14. 


15. 


16. 


17. 


18. 


19. 


20. 
21. 


7.3 
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Assuming that d | n, prove that d(d) | d(7). 
[Hint: Work with the prime factorizations of d and n.] 


Obtain the following two generalizations of Theorem 7.2: 
(a) For positive integers m and n, where d = gcd(m, n), 

(d) 

wlmyb(n) = $6mn) oO 


(b) For positive integers m and n, 
o(m)o(n) = o(gcd(m, n))b(Acm(m, nj) 


Prove the following: 

(a) There are infinitely many integers n for which ¢(n) = n/3. 
[Hint: Consider n = 2*3/, where k and j are positive integers.] 

(b) There are no integers n for which @(n) = n/4. 

Show that the Goldbach conjecture implies that for each even integer 2n there exist 

integers n; and n2 with d(n;) + (2) = 2n. 

Given a positive integer k, show the following: 

(a) There are at most a finite number of integers n for which ¢(n) = k. 

(b) If the equation ¢(n) = k has a unique solution, say n = no, then 4| no. 
[Hint: See Problems 4(a) and 4(b).] 
A famous conjecture of R. D. Carmichael (1906) is that there is no k for which the 
equation ¢(n) = k has precisely one solution; it has been proved that any counterex- 
ample n must exceed 1010000000, 

Find all solutions of ¢(n) = 16 and ¢(n) = 24. 

(Hint: If n = p/p,’ --- p* satisfies @(n) = k, then n = [k/TI(p; — 1)]T1p;. Thus the 

integers d; = p; — 1 can be determined by the conditions (1) d; | k, (2) d; + 1 is prime, 

and (3) k/ Td; contains no prime factor not in I1p;.] 

(a) Prove that the equation ¢(n) = 2p, where p is a prime number and 2 p + 1 is com- 
posite, is not solvable. 

(b) Prove that there is no solution to the equation @(n) = 14, and that 14 is the smallest 
(positive) even integer with this property. 

If p is a prime and k > 2, show that ¢(@(p*)) = p*~*@((p — 1)”). 

Verify that @(n) o(n) is a perfect square when n = 63457 = 23 -31- 89. 


EULER’S THEOREM 


As remarked earlier, the first published proof of Fermat’s theorem (namely that 


aP— 


' = 1 (mod p) if p / a) was given by Euler in 1736. Somewhat later, in 1760, 


he succeeded in generalizing Fermat’s theorem from the case of a prime p to 
an arbitrary positive integer n. This landmark result states: if gcd(a, n) = 1, then 
a®) = 1 (mod n). 


For example, putting n = 30 and a = 11, we have 
11969 = 118 = (11°) = (121)* = 1 = 1 (mod 30) 


As a prelude to launching our proof of Euler’s generalization of Fermat’s theo- 


rem, we require a preliminary lemma. 
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Lemma. Letn > 1 and gcd(a,n) = 1. Ifa), a2, ..., gm) are the positive integers less 
than n and relatively prime to n, then 


QQ, 4Q2, ...-, aagn) 
are congruent modulo n to aj, a2, ... , Agi) in Some order. 
Proof. Observe that no two of the integers aa), ad2, ..., dagin) are congruent modulo 


n. For if aa; = aa; (mod n), with 1 <i < j < @(n), then the cancellation law yields 
a; = a; (mod n) and thus a; = a;,acontradiction. Furthermore, because gcd(a;,n) = 1 
for all i and gcd(a, n) = 1, the lemma preceding Theorem 7.2 guarantees that each of 
the aa; is relatively prime to n. 

Fixing on a particular aa;, there exists a unique integer b, where 0 < b <n, for 
which aa; = b (mod n). Because 


gcd(b, n) = gcd(aa;,n) = 1 


b must be one of the integers a), a2, ..., Agin). All told, this proves that the numbers 
aa, a2, ..., AAgin) and the numbers aj, a2, ..., Agim) are identical (modulo n) in a 
certain order. 


Theorem 7.5 Euler. If n > 1 and gcd(a, n) = 1, thena®™ = 1 (mod n). 


Proof. There is no harm in taking n > 1. Let a, dz, ..., dg) be the positive integers 
less than n that are relatively prime to n. Because gcd(a, n) = 1, it follows from the 
lemma that aa), ad2, ..., dag) are congruent, not necessarily in order of appearance, 
tO a1, d2,..., Aga). Then 


aa, =a} (modn) 


aay = a, (mod n) 
dagin) = Asin) (mod n) 


where a}, @5,..., Asin) are the integers a), a2, ..., Ggin) in some order. On taking the 
product of these @(n) congruences, we get 


(aa )(aaz) - + - (adgmny) = a,a5 -- Ayn) (mod n) 
= a\A2 +++ Ag) (mod n) 
and so 
a®™ (ajay -- - Ag(n)) = 412 +++ Agin) (mod n) 


Because gcd(a;,n) = 1 for each i, the lemma preceding Theorem 7.2 implies that 
gcd(a\a2 ---dgmn),n) = 1. Therefore, we may divide both sides of the foregoing 
congruence by the common factor a1 - - - gin), leaving us with 


a®) = 1 (mod n) 
This proof can best be illustrated by carrying it out with some specific numbers. 
Let n = 9, for instance. The positive integers less than and relatively prime to 9 are 


152, 4.-3,-1;8 
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These play the role of the integers a1, a2, ..., Agi) in the proof of Theorem 7.5. If 
a = —4, then the integers aa; are 


—4, —8, —16, —20, —28, —32 
where, modulo 9, 
—4=5 -8=1 -16=2 -20=7 -28=8 -32=4 
When the above congruences are all multiplied together, we obtain 
(—4)(—8)(— 16)(—20)(—28)(—32) = 5-1-2-7-8-4 (mod 9) 
which becomes 
(1-2-4-5-7-8)(—4)° =(1-2-4-5-7-8) (mod 9) 


Being relatively prime to 9, the six integers 1, 2, 4, 5, 7, 8 may be canceled succes- 
sively to give 


(—4)° = 1 (mod 9) 
The validity of this last congruence is confirmed by the calculation 
(—4)° = 4° = (64)? = 17 = 1 (mod 9) 


Note that Theorem 7.5 does indeed generalize the one credited to Fermat, which 
we proved earlier. For if pis a prime, then @(p) = p — 1; hence, when gcd(a, p) = 1, 
we get 


a?! = qa?) = | (mod p) 


and so we have the following corollary. 
Corollary Fermat. If p is a prime and p / a, then a?! = 1 (mod p). 


Example 7.2. Euler’s theorem is helpful in reducing large powers modulo n. To cite a 
typical example, let us find the last two digits in the decimal representation of 37°. This 
is equivalent to obtaining the smallest nonnegative integer to which 37° is congruent 
modulo 100. Because gced(3, 100) = 1 and 


(100) = (2? - 5”) = 100 (1 = 5) (: — 5) = 40 


Euler’s theorem yields 
3° = 1 (mod 100) 
By the Division Algorithm, 256 = 6 - 40 + 16; whence 
3256 — 36-40+16 — (340)6316 — 316 (od 100) 


and our problem reduces to one of evaluating 3!°, modulo 100. The method of succes- 
sive squaring yields the congruences 


37=9 (mod100) 3%=61 (mod 100) 
34 = 81 (mod100) 3!°©=21 (mod 100) 
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There is another path to Euler’s theorem, one which requires the use of Fermat’s 
theorem. 
Second Proof of Euler’s Theorem. To start, we argue by induction that if p { a (pa 
prime), then 


a®”) =1(mod p*) k>0 (1) 


When k = 1, this assertion reduces to the statement of Fermat’s theorem. Assuming 
the truth of Eq. (1) for a fixed value of k, we wish to show that it is true with k replaced 
by k +1. 

Because Eq. (1) is assumed to hold, we may write 


for some integer qg. Also notice that 
o(p**") = p*t! — p* = p(p* — p**) = pd(p*) 
Using these facts, along with the binomial theorem, we obtain 
qgt(P**") — gpd(p*) 


= (a?(P"))P 


= (1+ qp*)y 


=1+ (7) apy + (5) ptt + 


+ ( i ) (qp*)?* + @p*y? 
p-1l 


=1+ ({) (qp*) (mod p**") 


But p | C ), and so p*+! | G )(qp*). Thus, the last-written congruence becomes 


a?) = 1 (mod p**) 
completing the induction step. 
ky ko k, 


Let gcd(a,n) = 1 and n have the prime-power factorization n = p,' p> --: p,’. 
In view of what already has been proven, each of the congruences 


gh?) =1 (mod pi) b= 1,2) ee FE (2) 


holds. Noting that ¢(7) is divisible by $( pi ), we may raise both sides of Eq. (2) to the 
power ¢(n)/( Be ) and arrive at 


a®™ = (mod pj") eat (RO yen a 
Inasmuch as the moduli are relatively prime, this leads us to the relation 
qe” = 1 (mod Dips recs pi’) 
or a? = 1 (mod n). 


The usefulness of Euler’s theorem in number theory would be hard to exaggerate. 
It leads, for instance, to a different proof of the Chinese Remainder Theorem. In other 
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words, we seek to establish that if gcd(n;,n;) = 1 fori ¢ J, then the system of linear 
congruences 
x =a; (mod n;) a ee ere 
admits a simultaneous solution. Let n = njn2---n,, and put N; = n/n; for n = 
1,2,...,7r. Then the integer 
fees a,NeO af ayNo Abs Sicacals a, NO) 
fulfills our requirements. To see this, first note that VN; = 0(modn;) wheneveri # j; 
whence, 
— _. ny Ptni) 
x =ajN; (mod n;) 
But because gcd(N;, n;) = 1, we have 
No) = 1 (mod n;) 


and so x = a; (mod n;) for each i. 

As a second application of Euler’s theorem, let us show that if n is an odd integer 
that is not a multiple of 5, then n divides an integer all of whose digits are equal to 
1 (for example, 7| 111111). Because gcd(n, 10) = 1 and gcd(9, 10) = 1, we have 
gcd(9n, 10) = 1. Quoting Theorem 7.5, again, 


10°”) = 1 (mod 9n) 


This says that 10°°”) — 1 = 9nk for some integer k or, what amounts to the same 
thing, 


10°”) — ] 
kn = ——_—_ 
. 9 


The right-hand side of this expression is an integer whose digits are all equal to 1, 
each digit of the numerator being clearly equal to 9. 


PROBLEMS 7.3 


1. Use Euler’s theorem to establish the following: 
(a) For any integer a, a®’ = a (mod 1729). 
[Hint: 1729 = 7-13 -19.] 
(b) For any integer a, a!? = a (mod 2730). 
[Hint: 2730 = 2-3-5-7-13.] 
(c) For any odd integer a, a** = a (mod 4080). 
[Hint: 4080 = 15 - 16- 17.] 
2. Use Euler’s theorem to confirm that, for any integer n > 0, 


51 | 1022"+9 aes 


3. Prove that 2!° — 2? divides a!> — a? for any integer a. 
[Hint: 2° — 23? =5-7-8-9-13.] 
4. Show that if gcd(a, n) = gcd(a — 1, n) = 1, then 


lt+at+a?+---+a%-! = 0 (mod n) 
[Hint: Recall that a? — 1 = (a — 1)(a®™-!4.--+a?+a+4+1).] 
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5. If m and 7 are relatively prime positive integers, prove that 
me + n%™ = 1 (mod mn) 


6. Fill in any missing details in the following proof of Euler’s theorem: Let p be a prime 
divisor of n and gcd(a, p) = 1. By Fermat’s theorem, a?-! = 1(mod p), so that a?~! = 
1+tp for some t. Therefore a??-) = (1+ tp)? =14+ (1 (tp) +---+(tp)? = 1 
(mod p) and, by induction, a” ’-) = 1 (mod p*), where k = 1,2,.... Raise both 
sides of this congruence to the @(n)/p*—!(p — 1) power to geta®™ = 1 (mod p*). Thus, 
a®™ = 1 (modn). 

7. Find the units digit of 3!°° by means of Euler’s theorem. 

8. (a) If gcd(a, n) = 1, show that the linear congruence ax = b (mod n) has the solution 

x = ba?! (mod n). 
(b) Use part (a) to solve the linear congruences 3x = 5 (mod 26), 13x = 2 (mod 40), 
and 10x = 21 (mod 49). 
9. Use Euler’s theorem to evaluate 2! (mod 77). 
10. For any integer a, show that a and a*"*! have the same last digit. 
11. For any prime p, establish each of the assertions below: 
(a) t(p!) = 2t((p — 1)!). 
(b) o(p!) = (p+ Lo((p — 1))}). 
(c) b(p!) = (p — 1)b((p — 1)!). 
12. Givenn > 1, a set of d(x) integers that are relatively prime to n and that are incongruent 
modulo n is called a reduced set of residues modulo n (that is, a reduced set of residues 
are those members of a complete set of residues modulo n that are relatively prime to 7). 
Verify the following: 
(a) The integers —31, —16, —8, 13, 25, 80 form a reduced set of residues modulo 9. 
(b) The integers 3, 37, 33, 3*, 3°, 3° form a reduced set of residues modulo 14. 


(c) The integers 2, 22,23, ..., 2/8 form a reduced set of residues modulo 27. 
13. If p is an odd prime, show that the integers 
— | —1 
Sr et Oe ee 
2 2 


form a reduced set of residues modulo p. 


7.4 SOME PROPERTIES OF THE PHI-FUNCTION 


The next theorem points out a curious feature of the phi-function; namely, that the 
sum of the values of ¢(d), as d ranges over the positive divisors of n, is equal to n 
itself. This was first noticed by Gauss. 


Theorem 7.6 Gauss. For each positive integer n > 1, 
n=) (4) 
d|n 
the sum being extended over all positive divisors of n. 
Proof. The integers between 1 and n can be separated into classes as follows: If d is a 


positive divisor of n, we put the integer m in the class Sg provided that gcd(m, n) = d. 
Stated in symbols, 


Sq = {m|gcd(m, n) = d;1<m <n} 
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Now gcd(m, n) = d if and only if gcd(m/d,n/d) = 1. Thus, the number of integers 
in the class Sz is equal to the number of positive integers not exceeding n/d that are 
relatively prime to n/d; in other words, equal to ¢(n/d). Because each of the n integers 


in the set {1, 2,..., m} lies in exactly one class Sg, we obtain the formula 
7) 
n= = 
ae 


But as d runs through all positive divisors of n, so does n/d; hence, 
n 
9 (3)=Le@ 
|n d|n 
which proves the theorem. 


Example 7.3. A simple numerical example of what we have just said is provided by 
n = 10. Here, the classes Sz are 


Sp {l, 53,779} 
So = {2, 4, 6, 8} 
S5 = {5} 

Sio = {10} 


These contain ¢(10) = 4, (5) = 4, ¢(2) = 1, and ¢(1) = 1 integers, respectively. 
Therefore, 


>; $(d) = (10) + o(5) + (2) + GC) 


d|10 
=44+4+141=10 


It is instructive to give a second proof of Theorem 7.6, this one depending on 
the fact that @ is multiplicative. The details are as follows. If = 1, then clearly 


> 9@) =) ¢@) =o) =1=n 


d|n d|1 


Assuming that n > 1, let us consider the number-theoretic function 


Fin) =) 4) 


d\n 


Because ¢ is known to be a multiplicative function, Theorem 6.4 asserts that F is 
also multiplicative. Hence, ifn = pi pe vee p* is the prime factorization of n, then 


F(n) = F(p}') F (py) --- F(p) 
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For each value of i, 


F(p') = 9 od) 


d\ pi 
= (1) + o(pi) + o(p?) + 6(p3) +--+ o(p;') 
= 1+(p; — 1) + (p? — pi) + (p? — p?) +--+ (ph - pi’) 
kj 
= Pp; 


because the terms in the foregoing expression cancel each other, save for the term 
pi. Knowing this, we end up with 


F(n) = pi! py pe =n 


n=) ¢@) 


d|n 


and so 


as desired. 
We should mention in passing that there is another interesting identity that in- 
volves the phi-function. 


Theorem 7.7. For n > 1, the sum of the positive integers less than n and relatively 
prime to n is 5no(n). 


Proof. Let a), a2, ..., agin) be the positive integers less than n and relatively prime to 
n. Now because gcd(a, n) = 1 if and only if gcd(n — a, n) = 1, the numbers n — aj, 
nN — Q2,...,N — Agqm) are equal in some order to a1, a2, ... , Agn). Thus, 


ay +427 +--+ + dg) = (n — a1) + (n— a2) +--+ (1 — gay) 
= O(n)n — (a) + a2 +--+ + aga) 
Hence, 
2(a, + a2 +--+ + Agny) = O(n)n 
leading to the stated conclusion. 
Example 7.4. Consider the case where n = 30. The $(30) = 8 integers that are less 
than 30 and relatively prime to it are 
LP ALS LTO 19: 23,29 


In this setting, we find that the desired sum is 


1 
Be Ur eM rel tae oat eee ey 2° 


Also note the pairings 


1+ 29 = 30 7+ 23 = 30 Li-F-19'= 30 13 + 17 = 30 
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This is a good point at which to give an application of the Mobius inversion 
formula. 


Theorem 7.8. For any positive integer n, 


p(n) =n 


d|n 


Proof. The proof is deceptively simple. If we apply the inversion formula to 


F(n) =n = 916) 


d|n 


the result is 


on) =) uaF (=) 


d|n 


= eos 


d|n 


Let us again illustrate the situation where n = 10. As easily can be seen, 


wd) _ wi), 65) ae] 
10 1 —+— 
Dy era Oe age 


a (-1) (-1), (-1? 
= 101 + SP 4 4 SE] 


|e ar 2 
=10/1---z+—/=10-~=4=¢(10 
2 5+] 5 ee 


Starting with Theorem 7.8, it is an easy matter to determine the value of the phi- 
function for any positive integer n. Suppose that the prime-power decomposition of 
nisn = pi ps --» p*, and consider the product 


Li) 1(p;) 
p= TI (x (1) + oe fee oh 


pin : 


Multiplying this out, we obtain a sum of terms of the form 


wept" eps’) «++ wpe) 
Py p> ater De 
or, because jz is known to be multiplicative, 


LL pi! p>’ ++ pe) _ K@) 
Pi! Py ++ Pr’ d 
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where the summation is over the set of divisors d = p{'p5°--- p% of n. Hence, 


Pe ay LL(d)/d. It follows from Theorem 7.8 that 


d k; 
sopra (x + HD a) 


din pin i Pj’ 
But LL ps") = 0 whenever a; > 2. As a result, the last-written equation reduces to 


oon) =n T] (way+ 82) <n TY (1-—) 


pi|n i pi \|n Pi 


which agrees with the formula established earlier by different reasoning. What is 
significant about this argument is that no assumption is made concerning the multi- 
plicative character of the phi-function, only of ju. 


PROBLEMS 7.4 


1. For a positive integer n, prove that 


¢] if m is even 


_1\n/d = 
zh ee if n is odd 


d|n 
[Hint: If n = 2*N, where N is odd, then 
Yep’4a@= DY) o@- >) ¢2*a).] 


d\n d|2k-1N d|N 
2. Confirm that )°j)36 6(d) = 36 and S74, 36(—1)*°/“6(d) = 0. 
3. For a positive integer n, prove that Day u*(d)/o(d) = n/(n). 


[Hint: Both sides of the equation are multiplicative functions.] 
4. Use Problem 4(c), Section 6.2, to prove n 0, in U(d)/d = $(n). 


5. If the integer n > 1 has the prime factorization n = or pe --» p*, establish each of the 

following: 
(a) )_ wd)b(d) = (2 — pi(2 = p2)-++(2= pr). 

d|n 
ST Cs (eg eee (Pe di *) 

rir pitl pot peal. 

d k —1 k —1 k,(p, — 1 

(c) so aes (14 i(p1 ") (14 2(p2 “ye (14 (p ’). 

d|n d Pi P2 Pr 


[Hint: For part (a), use Problem 3, Section 6.2.] 
6. Verify the formula )77,_, 6(d)[n/d] = n(n + 1)/2 for any positive integer n. 
[Hint: This is a direct application of Theorems 6.11 and 7.6.] 
7. If n is a square-free integer, prove that )°,,,, 0(d*~')b(d) = n'* for all integers k > 2. 
. For a square-free integer n > 1, show that t(n”) = n if and only if n = 3. 
9. Prove that 3 | o(3n + 2) and 4|o(4n + 3) for any positive integer n. 


oo 
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10. 


11. 


12. 
13. 
14. 


15. 
16. 
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(a) Given k > 0, establish that there exists a sequence of k consecutive integers n + 1, 
n+2,...,n +k satisfying 


Mn+ 1)=pa+2)=---=pnwn+k)=0 
[Hint: Consider the following system of linear congruences, where p,; is the kth 
prime: 
x = —1 (mod 4), x = —2 (mod 9), ..., x = —k (mod p?).] 


(b) Find four consecutive integers for which u(n) = 0. 
Modify the proof of Gauss’ theorem to establish that 


oe scd(k, n) = Dea (5) 


g(d) 
uf (1 —— forn > 1 
For n > 2, establish the inequality 6(n”) + @((n + 1)?) < 2n?. 
Given an integer n, prove that there exists at least one k for which n | @(k). 
Show that if n is a product of twin primes, say n = p(p + 2), then 
p(njo(n) = (n + 1)(n — 3) 
Prove that 34), 7(d)(n/d) = nt(n) and )),,, t(d)b(n/d) = o(n). 
If a1, dz, ..., Ag) 18 a reduced set of residues modulo 7, show that 


a; + a2 +--++agnm) = O(mod n) forn > 2 
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PRIMITIVE ROOTS AND INDICES 


... mathematical proofs, like diamonds, are hard as well as clear, and will be 
touched with nothing but strict reasoning. 
JOHN LOCKE 


8.1 THE ORDER OF AN INTEGER MODULO n 


In view of Euler’s theorem, we know that a?™ = 1 (modn), whenever gcd(a,n) = 1. 
Yet there are often powers of a smaller than a that are congruent to 1 modulo n. 
This prompts the following definition. 


Definition 8.1. Let n > 1 and gcd(a, n) = 1. The order of a modulo n (in older ter- 
minology: the exponent to which a belongs modulo n) is the smallest positive integer 
k such that a* = 1 (modn). 


Consider the successive powers of 2 modulo 7. For this modulus, we obtain the 
congruences 


2 = 2,274,237 =1,24=2,2=4,2°=1.,... 


from which it follows that the integer 2 has order 3 modulo 7. 

Observe that if two integers are congruent modulo n, then they have the same 
order modulo n. For if a = b (mod n) and a* = 1 (mod n), Theorem 4.2 implies that 
a* = b¥ (mod n), whence b* = 1 (mod n). 

It should be emphasized that our definition of order modulo n concerns only 
integers a for which gcd(a, n) = 1. Indeed, if gcd(a, n) > 1, then we know from 
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Theorem 4.7 that the linear congruence ax = 1 (mod n) has no solution; hence, the 
relation 


a®’“=1(modn) k>1 


cannot hold, for this would imply that x = a*~! is a solution of ax = 1 (mod n). 


Thus, whenever there is reference to the order of a modulo n, it is to be assumed 
that gcd(a, n) = 1, even if it is not explicitly stated. 

In the example given previously, we have 2" = 1 (mod 7) whenever k is a 
multiple of 3, where 3 is the order of 2 modulo 7. Our first theorem shows that this 
is typical of the general situation. 


Theorem 8.1. Let the integer a have order k modulo n. Then a” = 1 (mod n) if and 
only if k | A; in particular, k | p(n). 


Proof. Suppose that we begin with k | h, so that h = jk for some integer j. Because 

a* = 1 (mod n), Theorem 4.2 yields (a*)/ = 1/ (mod n) or a” = 1 (mod n). 
Conversely, let h be any positive integer satisfying a” = 1 (modn). By the Division 

Algorithm, there exist g andr such that h = gk +r, where 0 < r < k. Consequently, 


qa’ = qiktr = (a* fa" 


By hypothesis, both a” = 1 (mod n) and a* = 1 (mod n), the implication of which is 
that a” = 1 (mod zn). Because 0 < r < k, we end up withr = 0; otherwise, the choice 
of k as the smallest positive integer such that a* = 1 (mod n) is contradicted. Hence, 
h = qk, andk |h. 


Theorem 8.1 expedites the computation when we attempt to find the order of 
an integer a modulo n; instead of considering all powers of a, the exponents can be 
restricted to the divisors of ¢(n). Let us obtain, by way of illustration, the order of 
2 modulo 13. Because $(13) = 12, the order of 2 must be one of the integers 1, 2, 
3, 4, 6, 12. From 


H=2 YM=4 P=Bs Med 2212 ~~ 2! =1 (mod 13) 


it is seen that 2 has order 12 modulo 13. 

For an arbitrarily selected divisor d of $(n), it is not always true that there exists 
an integer a having order d modulo n. An example is n = 12. Here (12) = 4, yet 
there is no integer that is of order 4 modulo 12; indeed, we find that 


1! =5° =7 =11* =1 (mod 12) 
and therefore the only choice for orders is 1 or 2. 


Here is another basic fact regarding the order of an integer. 


Theorem 8.2. If the integer a has order k modulo n, then a’ = a/ (mod n) if and only 
if i = j (mod k). 


Proof. First, suppose that a’ = a/ (mod n), where i > j. Because a is relatively 
prime to n, we may cancel a power of a to obtain a’-/ = 1 (mod n). According to 
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Theorem 8.1, this last congruence holds only if k |i — j, which is just another way of 
saying that i = j (mod k). 

Conversely, let i = j (mod k). Then we have i = j + qk for some integer q. By 
the definition of k, a* = 1 (mod n), so that 


ai =ai*%# = gi(a*)i = a/ (modn) 


which is the desired conclusion. 


Corollary. If a has order k modulo n, then the integers a, a’,...,a* are incongruent 
modulo n. 


Proof. If a' =a/ (mod n) for 1<i< j <k, then the theorem ensures that 
i = j (mod k). But this is impossible unless i = /. 


A fairly natural question presents itself: Is it possible to express the order of any 
integral power of a in terms of the order of a? The answer is contained in Theorem 8.3. 


Theorem 8.3. If the integer a has order k modulo n and h > 0, then a" has order 
k/gcedth, k) modulo n. 


Proof. Let d= gcd(h,k). Then we may write h=h,d and k=kj,d, with 
gcd (hy, k,) = 1. Clearly, 
(a) = (a4)*/4 — (gk) = 1 (mod n) 


If a” is assumed to have order r modulo n, then Theorem 8.1 asserts that r | k,. On the 
other hand, because a has order k modulo n, the congruence 


a” =(a")! = 1 (modn) 


indicates that k | hr; in other words, kd | h,dr or k; | hyr. But gcd(k,, h,) = 1, and 
therefore k, |r. This divisibility relation, when combined with the one obtained earlier, 
gives 


k k 


-—-k,=- = qx 
eed gdh, k) 


proving the theorem. 
The preceding theorem has a corollary for which the reader may supply a proof. 


Corollary. Let a have order k modulo n. Then a’ also has order k if and only if 
gcd(h, k) = 1. 


Let us see how all this works in a specific instance. 


Example 8.1. The following table exhibits the orders modulo 13 of the positive 
integers less than 13: 
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We observe that the order of 2 modulo 13 is 12, whereas the orders of 2? and 23 
are 6 and 4, respectively; it is easy to verify that 


12 12 
6 = ——— and 4=——— 
gcd(2, 12) gcd(3, 12) 
in accordance with Theorem 8.3. The integers that also have order 12 modulo 13 are 


powers 2* for which gcd(k, 12) = 1; namely, 
Peo. Bese. Wat 2S 7613) 


If an integer a has the largest order possible, then we call it a primitive root 
of n. 


Definition 8.2. If gcd(a, n) = 1 and a is of order #(n) modulo n, then a is a primitive 
root of the integer n. 


To put it another way, n has a as a primitive root if a?” = 1 (mod n), but 
a‘ # 1 (mod n) for all positive integers k < $(n). 
It is easy to see that 3 is a primitive root of 7, for 


Se3 0 38% e288 GOSH PSS O38 = 1 (mod 7) 


More generally, we can prove that primitive roots exist for any prime modulus, which 
is a result of fundamental importance. Although it is possible for a primitive root of 
n to exist when n is not a prime (for instance, 2 is a primitive root of 9), there is no 
reason to expect that every integer n possesses a primitive root; indeed, the existence 
of primitive roots is more often the exception than the rule. 


Example 8.2. Let us show that if F, = 2" +1 n>I1,isa prime, then 2 is not a 
primitive root of F,,. (Clearly, 2 is a primitive root of 5 = F;.) From the factorization 
2" — 1 = 2?" + 1) (22" — 1), we have 

2?"" = 1 (mod F,) 


which implies that the order of 2 modulo F,, does not exceed 2+! Butif F,, is assumed 
to be prime, then 


o(F,) = F, —1=2” 


and a straightforward induction argument confirms that 22" > 2”+!, whenever n > 1. 
Thus, the order of 2 modulo F, is smaller than $(F,,); referring to Definition 8.2, we 
see that 2 cannot be a primitive root of F;,. 


One of the chief virtues of primitive roots lies in our next theorem. 


Theorem 8.4. Let gcd(a,n) = 1 and let aj, az, ... , Agim) be the positive integers less 
than n and relatively prime to n. If a is a primitive root of n, then 


Oa ae 


are congruent modulo n to aj, a2, ..., Agim), iN Some order. 
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Proof. Because a is relatively prime ton, the same holds for all the powers of a; hence, 
each a* is congruent modulo n to some one of the a;. The ¢(n) numbers in the set 
{a,a*,...,a?™} are incongruent by the corollary to Theorem 8.2; thus, these powers 
must represent (not necessarily in order of appearance) the integers a), a2, ... , Agin)- 


One consequence of what has just been proved is that, in those cases in which 
a primitive root exists, we can now state exactly how many there are. 


Corollary. If n has a primitive root, then it has exactly ¢(¢(n)) of them. 


Proof. Suppose that a is a primitive root of n. By the theorem, any other primitive 
root of n is found among the members of the set {a,a*,...,a%}. But the number 
of powers a‘, 1 < k < ¢(n), that have order $(n) is equal to the number of integers k 
for which gcd(k, @(n)) = 1; there are ¢(@(n)) such integers, hence, ¢(g()) primitive 
roots of n. 


Theorem 8.4 can be illustrated by taking a = 2 and n = 9. Because @(9) = 6, 
the first six powers of 2 must be congruent modulo 9, in some order, to the positive 
integers less than 9 and relatively prime to it. Now the integers less than and relatively 
prime to 9 are 1, 2, 4, 5, 7, 8, and we see that 


De DAS = es 25° <8 = 1 mod:9) 


By virtue of the corollary, there are exactly 6(¢(9)) = (6) = 2 primitive roots 
of 9, these being the integers 2 and 5. 


PROBLEMS 8.1 


1. Find the order of the integers 2, 3, and 5: 
(a) modulo 17. 
(b) modulo 19. 
(c) modulo 23. 
2. Establish each of the statements below: 
(a) If a has order hk modulo n, then a” has order k modulo n. 
(b) If a has order 2k modulo the odd prime p, then a* = —1 (mod p). 
(c) If a has order n — 1 modulo n, then n is a prime. 
3. Prove that @(2” — 1) is a multiple of n for anyn > 1. 
[Hint: The integer 2 has order n modulo 2” — 1.] 
4. Assume that the order of a modulo n is h and the order of b modulo n is k. Show that the 
order of ab modulo n divides hk; in particular, if gcd(h, k) = 1, then ab has order hk. 
5. Given that a has order 3 modulo p, where p is an odd prime, show that a + 1 must have 
order 6 modulo p. 
[Hint: From a? +a+1=0 (mod p), it follows that (a + 1)? =a (mod p) and 
(a + 1 = —1 (mod p).] 
6. Verify the following assertions: 
(a) The odd prime divisors of the integer n? + 1 are of the form 4k + 1. 
[Hint: n? = —1 (mod p), where p is an odd prime, implies that 4|@(p) by 
Theorem 8.1.] 
(b) The odd prime divisors of the integer n+ + 1 are of the form 8k + 1. 
(c) The odd prime divisors of the integer n? + n + 1 that are different from 3 are of the 
form 6k + 1. 
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Establish that there are infinitely many primes of each of the forms 4k + 1, 6k + 1, and 
8k + 1. 

[Hint: Assume that there are only finitely many primes of the form 4k + 1; call them 
Pi, P2, +--+, Pr- Consider the integer (2p; p2--- p,)* + 1 and apply the previous prob- 
lem.] 


. (a) Prove that if p and g are odd primes and q |a? — 1, then either g|a — 1 or else 


q = 2kp + 1 for some integer k. 
[Hint: Because a? = 1 (mod q), the order of a modulo gq is either 1 or p; in the latter 
case, p | $(q).] 

(b) Use part (a) to show that if p is an odd prime, then the prime divisors of 2? — 1 are 
of the form 2kp + 1. 

(c) Find the smallest prime divisors of the integers 2!” — 1 and 27? — 1. 


. (a) Verify that 2 is a primitive root of 19, but not of 17. 


(b) Show that 15 has no primitive root by calculating the orders of 2, 4, 7, 8, 11, 13, and 
14 modulo 15. 


. Let r be a primitive root of the integer n. Prove that r* is a primitive root of n if and only 


if gcd(k, o(n)) = 1. 


. (a) Find two primitive roots of 10. 


(b) Use the information that 3 is a primitive root of 17 to obtain the eight primitive roots 
of 17. 


- (a) Prove that if p and gq > 3 are both odd primes and q | Rp, theng = 2kp + 1 for some 


integer k. 
(b) Find the smallest prime divisors of the repunits Rs = 11111 and R7 = 1111111. 
(a) Let p > 5 be prime. If R, is the smallest repunit for which p | R,, establish that 
n|p — 1. For example, Rg is the smallest repunit divisible by 73, and 8 | 72. 
[Hint: The order of 10 modulo p is n.] 
(b) Find the smallest R,, divisible by 13. 


PRIMITIVE ROOTS FOR PRIMES 


Because primitive roots play a crucial role in many theoretical investigations, a prob- 
lem exerting a natural appeal is that of describing all integers that possess primitive 
roots. We shall, over the course of the next few pages, prove the existence of primitive 
roots for all primes. Before doing this, let us turn aside briefly to establish Lagrange’s 
theorem, which deals with the number of solutions of a polynomial congruence. 


Theorem 8.5 Lagrange. If p is a prime and 
f (x) = ayx” + ay_yx" | + +--+ ax +a an # 0 (mod p) 
is a polynomial of degree n > 1 with integral coefficients, then the congruence 


f(x) = 0 (mod p) 


has at most n incongruent solutions modulo p. 


Proof. We proceed by induction on 7, the degree of f(x). Ifn = 1, then our polynomial 
is of the form 


f(x) =a1x + a 
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Because gcd(a;, p)=1, Theorem 4.7 asserts that the congruence a,x = —do 
(mod p) has a unique solution modulo p. Thus, the theorem holds for = 1. 

Now assume inductively that the theorem is true for polynomials of degree k — 1, 
and consider the case in which f(x) has degree k. Either the congruence f(x) = 0 
(mod p) has no solutions (and we are finished), or it has at least one solution, call it a. 
If f(x) is divided by x — a, the result is 


f(x) = & — a)q(x) +r 


in which q(x) is a polynomial of degree k — 1 with integral coefficients and r is an 
integer. Substituting x = a, we obtain 


0= f(a) =(@—a)q(a) +r =r (mod p) 


and therefore f(x) = (x — a)q(x) (mod p). 
If b is another one of the incongruent solutions of f(x) = 0 (mod p), then 


0 = f(®) = © — a)q(b) (mod p) 


Because b — a $ 0 (mod p), we may cancel to conclude that g(b) = 0 (mod p); in 
other words, any solution of f(x) = 0 (mod p) that is different from a must satisfy 
q(x) = 0 (mod p). By our induction assumption, the latter congruence can possess at 
most k — 1 incongruent solutions, and therefore f(x) = 0 (mod p) has no more than 
k incongruent solutions. This completes the induction step and the proof. 


From this theorem, we can pass easily to the corollary. 


Corollary. If p is a prime number and d | p — 1, then the congruence 
x4 —1=0(mod p) 


has exactly d solutions. 


Proof. Because d | p — 1, we have p — 1 = dk for some k. Then 
xP-1_ 1 = (x4 — 1) f(x) 


where the polynomial f(x) = x#4-) 4 x4@-%4...+x%4+41 has integral 
coefficients and is of degree d(k — 1) = p—1-—d. By Lagrange’s theorem, the 
congruence f(x) =0 (mod p) has at most p—1-—d solutions. We also know 
from Fermat’s theorem that x’~' — 1 = 0 (mod p) has precisely p — 1 incongruent 
solutions; namely, the integers 1, 2,..., p — 1. 

Now any solution x = a (mod p) of x?-! _ 1 = 0 (mod p) that is not a solution 
of f(x) = 0 (mod p) must satisfy x“ — 1 = 0 (mod p). For 


0 =a?! —1 = (a4 — 1)f(@ (mod p) 


with p J f(a), implies that p | a? — 1. It follows that x? — 1 = 0 (mod p) must have 
at least 


P=l=@=)—d) 4 


solutions. This last congruence can possess no more than d solutions (Lagrange’s 
theorem enters again) and, hence, has exactly d solutions. 
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We take immediate advantage of this corollary to prove Wilson’s theorem in a 
different way: given a prime p, define the polynomial f(x) by 
(@)=@= Ne =2) 30S =)) = GP S41) 

= apn? * + Ay_3x?-3 +.---+a,;x + a9 
which is of degree p — 2. Fermat’s theorem implies that the p — 1 integers 
1,2,..., p — 1 are incongruent solutions of the congruence 

f(x) = 0 (mod p) 

But this contradicts Lagrange’s theorem, unless 

Ap—2 = Ap_-3 = +++ = 4) = a = 0 (mod p) 
It follows that, for any choice of the integer x, 

(x — 1a — 2)---(« — (p— 1)) - @? | — 1) = 0 (mod p) 

Now substitute x = 0 to obtain 

(—1)(—2)---(-(@p — 1) + 1 = 0 (mod p) 
or (—1)?-!(p — 1)! + 1 = 0 (mod p). Either p — 1 is even or p = 2, in which case 
—1 =1 (mod p); at any rate, we get 

(p — 1)! = —-1 (mod p) 


Lagrange’s theorem has provided us with the entering wedge. We are now in a 
position to prove that, for any prime p, there exist integers with order corresponding 
to each divisor of p — 1. We state this more precisely in Theorem 8.6. 


Theorem 8.6. If p is a prime number and d | p — 1, then there are exactly $(d) 
incongruent integers having order d modulo p. 


Proof. Let d| p — 1 and w(d) denote the number of integers k, 1 < k < p — 1, that 
have order d modulo p. Because each integer between 1 and p — 1 has order d for 
some d | p — 1, 


p-1= >) ¥@ 
d|p-1 
At the same time, Gauss’s theorem tells us that 
p-1= >> ¢@) 
d|p-1 
and therefore, putting these together, 
yy ¥@= D5 o@ (1) 
d|p-1 d|p-1 


Our aim is to show that w(d) < ¢(d) for each divisor d of p — 1, because this, in 
conjunction with Eq. (1), would produce the equality w(d) = ¢(d) # 0 (otherwise, 
the first sum would be strictly smaller than the second). 

Given an arbitrary divisor d of p — 1, there are two possibilities: we either 
have y(d) = 0 or W(d) > 0. If w(d) = O, then certainly w(d) < ¢(d). Suppose that 
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w(d) > 0, so that there exists an integer a of order d. Then the d integers a, a*,...,a% 
are incongruent modulo p and each of them satisfies the polynomial congruence 
x? —1=0(mod p) (2) 


for, (a*)* = (a*)* = 1 (mod p). By the corollary to Lagrange’s theorem, there can be 
no other solutions of Eq. (2). It follows that any integer having order d modulo p must 
be congruent to one of a, a’,...,a*. But only ¢(d) of the just-mentioned powers have 
order d, namely those a* for which the exponent k has the property gcd(k, d) = 1. 
Hence, in the present situation, y(d) = ¢(d), and the number of integers having order 
d modulo p is equal to ¢(d). This establishes the result we set out to prove. 


Taking d = p — 1 in Theorem 8.6, we arrive at the following corollary. 


Corollary. If p is a prime, then there are exactly ¢(p — 1) incongruent primitive roots 
of p. 


An illustration is afforded by the prime p = 13. For this modulus, 1 has order 
1; 12 has order 2; 3 and 9 have order 3; 5 and 8 have order 4; 4 and 10 have order 6; 
and four integers, namely 2, 6, 7, 11, have order 12. Thus, 


Y ¥@) = v0) + ¥2)+ ¥Q)+ v4 + vO) + v2) 
d|12 
=141424242+4+4=12 


as it should. Also notice that 
wd) =1=¢() ywA@) =2=¢@4) 
y(2)=1=¢(2) y(6) =2= ¢(6) 
(3) = 2 = (3) p12) = 4 = ¢(12) 
Incidentally, there is a shorter and more elegant way of proving that w(d) = 


o(d) for each d | p — 1. We simply subject the formula d = ey a V(c) to Mobius 
inversion to deduce that 


d 
wd) = D_uo)— 
In light of Theorem 7.8, the right-hand side of the foregoing equation is equal to g(d). 
Of course, the validity of this argument rests upon using the corollary to Theorem 
8.5 to show that d = )° 4 ¥(c). 

We can use this last theorem to give another proof of the fact that if p is a 
prime of the form 4k + 1, then the quadratic congruence x” = —1 (mod p) admits 
a solution. Because 4| p — 1, Theorem 8.6 tells us that there is an integer a having 
order 4 modulo p; in other words, 


a‘ = 1 (mod p) 
or equivalently, 


(a? — 1)(a* + 1) = 0 (mod p) 
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Because p is a prime, it follows that either 
a’ — 1 =0(mod p) or a’ + 1 =0(mod p) 


If the first congruence held, then a would have order less than or equal to 2, a 
contradiction. Hence, a* + 1 = 0 (mod p), making the integer a a solution to the 
congruence x* = —1 (mod p). 

Theorem 8.6, as proved, has an obvious drawback; although it does indeed imply 
the existence of primitive roots for a given prime p, the proof is nonconstructive. 
To find a primitive root, we usually must either proceed by brute force or fall back 
on the extensive tables that have been constructed. The accompanying table lists the 
smallest positive primitive root for each prime below 200. 


Least positive 
Prime primitive root 


Least positive 
Prime primitive root 


2 1 89 3 

3 2 97 5 

5 2 101 2 

7 3 103 5 
11 2 107 2 
13 2 109 6 
17 3 113 3 
19 2 127 3 
23 5 131 2 
29 2 137 3 
31 3 139 2 
37 2 149 2 
41 6 151 6 
43 3 157 5 
47 5 163 2 
53 2 167 5 
59 2 173 2 
61 2 179 2 
67 2 181 2 
71 7 191 19 
73 5 193 5 
79 3 197 2 
83 2 199 3 


If x(p) designates the smallest positive primitive root of the prime p, then 
the table presented shows that x(p) < 19 for all p < 200. In fact, x(p) becomes 
arbitrarily large as p increases without bound. The table suggests, although the 
answer is not yet known, that there exist an infinite number of primes p for which 
X(p) = 2. 

In most cases x(p) is quite small. Among the 78498 odd primes up to 10°, 
x(p) < 6 holds for about 80% of these primes; x(p) = 2 takes place for 29841 
primes or approximately 37% of the time, whereas x(p) = 3 happens for 17814 
primes, or 22% of the time. 


PRIMITIVE ROOTS AND INDICES 157 


In his Disquisitiones Arithmeticae, Gauss conjectured that there are infinitely 
many primes having 10 as a primitive root. In 1927, Emil Artin generalized this 
unresolved question as follows: for a not equal to 1, —1, or a perfect square, do 
there exist infinitely many primes having a as a primitive root? Although there is 
little doubt that this latter conjecture is true, it has yet to be proved. Recent work has 
shown that there are infinitely many a’s for which Artin’s conjecture is true, and at 
most two primes for which it fails. 

The restrictions in Artin’s conjecture are justified as follows. Let a be a perfect 
square, say a = x”, and let p be an odd prime with gcd(a, p) = 1. If p J x, then 
Fermat’s theorem yields xP-! = 1 (mod p), whence 


aP-V/2 = (x2)(P-D/2 = | (mod p) 


Thus, a cannot serve as a primitive root of p [if p |x, then p|a and surely a?-! # 
1 (mod p)]. Furthermore, because (—1)* = 1, —1 is not a primitive root of p when- 
ever p— 1 > 2. 


Example 8.3. Let us employ the various techniques of this section to find the #(6) = 2 
integers having order 6 modulo 31. To start, we know that there are 


$(OG31)) = 660) = 8 


primitive roots of 31. Obtaining one of them is a matter of trial and error. Because 2° = 
1 (mod 31), the integer 2 is clearly ruled out. We need not search too far, because 3 
turns out to be a primitive root of 31. Observe that in computing the integral powers of 
3 it is not necessary to go beyond 3!°; for the order of 3 must divide (31) = 30 and 
the calculation 


3% = (27p = (—4) = (—64)(16) = —2(16) = —1 ¥ 1 (mod 31) 


shows that its order is greater than 15. 

Because 3 is a primitive root of 31, any integer that is relatively prime to 31 is 
congruent modulo 31 to an integer of the form 3*, where 1 < k < 30. Theorem 8.3 
asserts that the order of 3* is 30/gcd(k, 30); this will equal 6 if and only if gcd(k, 30) = 5. 
The values of k for which the last equality holds arek = 5andk = 25. Thus our problem 
is now reduced to evaluating 3° and 3° modulo 31. A simple calculation gives 


35 = (27)9 = (—4)9 = —36 = 26 (mod 31) 
32 = (3°) = (26)? = (—5) = (—125)(25) = —1(25) = 6 (mod 31) 


so that 6 and 26 are the only integers having order 6 modulo 31. 


PROBLEMS 8.2 


1. If p is an odd prime, prove the following: 
(a) The only incongruent solutions of x* = 1 (mod p) are 1 and p — 1. 
(b) The congruence x?~? + --- +. x* +x + 1 =0 (mod p) has exactly p — 2 incongru- 
ent solutions, and they are the integers 2, 3,..., p — 1. 
2. Verify that each of the congruences x* = 1 (mod 15), x* = —1 (mod 65), and x* = 
—2 (mod 33) has four incongruent solutions; hence, Lagrange’s theorem need not hold 
if the modulus is a composite number. 
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. Determine all the primitive roots of the primes p = 11, 19, and 23, expressing each as a 


power of some one of the roots. 


. Given that 3 is a primitive root of 43, find the following: 


(a) All positive integers less than 43 having order 6 modulo 43. 
(b) All positive integers less than 43 having order 21 modulo 43. 


. Find all positive integers less than 61 having order 4 modulo 61. 
. Assuming that r is a primitive root of the odd prime p, establish the following facts: 


(a) The congruence r’~)/? = —1 (mod p) holds. 

(b) If 7’ is any other primitive root of p, then rr’ is not a primitive root of p. 
[Hint: By part (a), (rr’)?—?/ = 1 (mod p).] 

(c) If the integer r’ is such that rr’ = 1 (mod p), then’ is a primitive root of p. 


. For a prime p > 3, prove that the primitive roots of p occur in incongruent pairs r, r’ 


where rr’ = 1 (mod p). 
[Hint: If r is a primitive root of p, consider the integer r’ = r?~.] 


. Let r be a primitive root of the odd prime p. Prove the following: 


(a) If p = 1 (mod 4), then —, is also a primitive root of p. 
(b) If p = 3 (mod 4), then —r has order (p — 1)/2 modulo p. 


. Give a different proof of Theorem 5.5 by showing that if 7 is a primitive root of the prime 


p = 1 (mod 4), thenr”—)/4 satisfies the quadratic congruence x? + 1 = 0 (mod p). 
Use the fact that each prime p has a primitive root to give a different proof of Wilson’s 
theorem. 

[Hint: If p has a primitive root r, then Theorem 8.4 implies that (p — 1)! = r}t?+-+@—D 
(mod p).] 

If p is a prime, show that the product of the @(p — 1) primitive roots of p is congruent 
modulo p to (—1)??-, 

[Hint: If r is a primitive root of p, then the integer r* is a primitive root of p provided 
that gcd(k, p — 1) = 1; now use Theorem 7.7.] 

For an odd prime p, verify that the sum 


O(mod p) —if(p—1) fn 


n n n r _— o— 
1" 42% 43% 4+.--4+(p—1) Sees if(p—1)|n 


[Hint: If (p — 1) J n, andr isa primitive root of p, then the indicated sum is congruent 
modulo p to 


(p-I)n _ 
Ltr tr poe ptm = TE 
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COMPOSITE NUMBERS HAVING PRIMITIVE ROOTS 


saw earlier that 2 is a primitive root of 9, so that composite numbers can also 


possess primitive roots. The next step in our program is to determine all composite 
numbers for which there exist primitive roots. Some information is available in the 
following two negative results. 


Theorem 8.7. For k > 3, the integer 2* has no primitive roots. 


Proof. For reasons that will become clear later, we start by showing that if a is an odd 
integer, then for k > 3 


a?” = 1 (mod 2*) 
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If k = 3, this congruence becomes a? = 1 (mod 8), which is certainly true (indeed, 
1? = 3* = 5* = 7 = 1 (mod 8)). Fork > 3, we proceed by induction on k. Assume 
that the asserted congruence holds for the integer k; that is, a =1 (mod ay: This 
is equivalent to the equation 
a = 1+ bk 
where b is an integer. Squaring both sides, we obtain 
a2 = (a2)? = 1 + 2(b2*) + (b2*y* 
S126 +572") 
= | (mod 2*t!) 
so that the asserted congruence holds for k + 1 and, hence, for all k > 3. 
Now the integers that are relatively prime to 2* are precisely the odd integers, so 
that ¢(2*) = 2*-!. By what was just proved, if a is an odd integer and k > 3, 
a?/2 = | (mod 2*) 


and, consequently, there are no primitive roots of 2*. 
Another theorem in this same spirit is Theorem 8.8. 


Theorem 8.8. If gcd(m, n) = 1, where m > 2 andn > 2, then the integer mn has no 
primitive roots. 


Proof. Consider any integer a for which gcd(a, mn) = 1; then gcd(a, m) = 1 and 
gcd(a, n) = 1. Puth = Icm(¢(m), d(n)) and d = gcd(g(m), P(n)). 

Because ¢(m) and ¢(n) are both even (Theorem 7.4), surely d > 2. In conse- 
quence, 


_ (mom) _ o(mn) 

d ae 
Now Euler’s theorem asserts that a?) = 1 (mod m). Raising this congruence to the 
o(n)/d power, we get 


Are (ahem emia = 19/4 =] (mod m) 


h 


Similar reasoning leads toa’ = 1 (modn). Together with the hypothesis gcd(m, n) = 1, 
these congruences force the conclusion that 


a" = 1 (mod mn) 
The point we wish to make is that the order of any integer relatively prime to mn does 


not exceed ¢(mn)/2, whence there can be no primitive roots for mn. 


Some special cases of Theorem 8.8 are of particular interest, and we list these 
below. 


Corollary. The integer n fails to have a primitive root if either 


(a) n is divisible by two odd primes, or 
(b) n is of the form n = 2” p*, where p is an odd prime and m > 2. 
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The significant feature of this last series of results is that it restricts our search 
for primitive roots to the integers 2, 4, p*, and 2p*, where p is an odd prime. In this 
section, we prove that each of the numbers just mentioned has a primitive root, the 
major task being the establishment of the existence of primitive roots for powers of 
an odd prime. The argument is somewhat long-winded, but otherwise routine; for 
the sake of clarity, it is broken down into several steps. 


Lemma 1. If p is an odd prime, then there exists a primitive root r of p such that 
r?-! £1 (mod p’). 


Proof. From Theorem 8.6, it is known that p has primitive roots. Choose one, and 
call itr. If r?~'! 4 1 (mod p?), then we are finished. In the contrary case, replace r by 
r' =r + p, whichis also a primitive root of p. Then employing the binomial theorem, 


(rye = + py! =rP* + (p— Wpr? (mod p*) 
But we have assumed that r?~! = 1 (mod p”); hence, 
(r’)?-! = 1 — pr?~? (mod p”) 
Because r is a primitive root of p, gcd(r, p) = 1, and therefore p J r?~*. The outcome 


of all this is that (r’)?~! # 1 (mod p?), which proves the lemma. 


Corollary. If p is an odd prime, then p” has a primitive root; in fact, for a primitive 
root r of p, either r or r + p (or both) is a primitive root of p?. 


Proof. The assertion is almost obvious: if 7 is a primitive root of p, then the order of 
r modulo p? is either p — 1 or p(p — 1) = 6(p’). The foregoing proof shows that if 
r has order p — 1 modulo p”, thenr + p is a primitive root of p?. 


As an illustration of this corollary, we observe that 3 is a primitive root of 7, and 
that both 3 and 10 are primitive roots of 7”. Also, 14 is a primitive root of 29 but not 
of 29. 

To reach our goal, another somewhat technical lemma is needed. 


Lemma 2. Let p be an odd prime and let r be a primitive root of p with the property 
that r?~! # 1 (mod p?). Then for each positive integer k > 2, 

r?*-) & | (mod p*) 
Proof. The proof proceeds by induction on k. By hypothesis, the assertion holds for 


k = 2. Let us assume that it is true for some k > 2 and show that it is true for k + 1. 
Because gcd(r, p*—!) = gcd(r, p*) = 1, Euler’s theorem indicates that 


pP*(P-) — 7-6) = 1 (mod p*) 
Hence, there exists an integer a satisfying 
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where p { a by our induction hypothesis. Raise both sides of this last equation to the 
pth power and expand to obtain 
rP 0-1) — (1 4 ap*)P = 1 + ap* (mod p**?) 
Because the integer a is not divisible by p, we have 
per 1) # 1 (mod p**!y 


This completes the induction step, thereby proving the lemma. 


The hard work, for the moment, is over. We now stitch the pieces together to 
prove that the powers of any odd prime have a primitive root. 


Theorem 8.9. If p is an odd prime number and k > 1, then there exists a primitive 
root for p*. 


Proof. The two lemmas allow us to choose a primitive root r of p for which rP(P-1) FZ 
1 (mod p*); in fact, any integer r satisfying the condition r?~! # 1 (mod p*) will do. 
We argue that such an r serves as a primitive root for all powers of p. 

Let n be the order of r modulo p*. In compliance with Theorem 8.1, n must 
divide 6(p*) = p*—!(p — 1). Because r” = 1 (mod p*) yields r” = 1 (mod p), we 
also have p — 1|n. (Theorem 8.1 serves again.) Consequently, n assumes the form 
n = p™(p — 1), where 0 < m < k —1. If it happened that n 4 p*—!(p — 1), then 
p*-*(p — 1) would be divisible by n and we would arrive at 


7?) = 1 (mod p*) 
contradicting the way in which r was initially chosen. Therefore, n = p*—!(p — 1) and 
r is a primitive root for p*. 
This leaves only the case 2p* for our consideration. 


Corollary. There are primitive roots for 2p*, where p is an odd prime and k > 1. 


Proof. Let r be a primitive root for p*. There is no harm in assuming that r is an odd 
integer; for, if it is even, then r + p* is odd and is still a primitive root for p*. Then 
gcd(r, 2p*) = 1. The order n of r modulo 2 p* must divide 


o(2p*) = $(2)h(p*) = o(p*) 


But r” = 1 (mod 2p*) implies that r” = 1 (mod p*), and therefore $(p*) | n. Together 
these divisibility conditions force n = ¢(2p*), making r a primitive root of 2p*. 


The prime 5 has $(4) = 2 primitive roots, namely, the integers 2 and 3. Because 


2>-'=1641(mod25) and 3° '=6#1 (mod 25) 


these also serve as primitive roots for 5* and, hence, for all higher powers of 5. The 
proof of the last corollary guarantees that 3 is a primitive root for all numbers of the 
form 2 - 5*. 

In Theorem 8.10 we summarize what has been accomplished. 
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Theorem 8.10. An integer n > 1 has a primitive root if and only if 
n= 2,4, Dr: or 2p* 


where p is an odd prime. 


Proof. By virtue of Theorems 8.7 and 8.8, the only positive integers with primitive 
roots are those mentioned in the statement of our theorem. It may be checked that 1 is 
a primitive root for 2, and 3 is a primitive root of 4. We have just finished proving that 
primitive roots exist for any power of an odd prime and for twice such a power. 


This seems the opportune moment to mention that Euler gave an essentially 


correct (although incomplete) proof in 1773 of the existence of primitive roots for 


any 


prime p and listed all the primitive roots for p < 37. Legendre, using Lagrange’s 


theorem, managed to repair the deficiency and showed (1785) that there are ¢(d) 
integers of order d for each d | (p — 1). The greatest advances in this direction were 
made by Gauss when, in 1801, he published a proof that there exist primitive roots 
of n if and only if n = 2, 4, p*, and 2p*, where p is an odd prime. 


PROBLEMS 8.3 


1. 


2. 


(a) Find the four primitive roots of 26 and the eight primitive roots of 25. 

(b) Determine all the primitive roots of 37, 33, and 3+. 

For an odd prime p, establish the following facts: 

(a) There are as many primitive roots of 2p” as of p”. 

(b) Any primitive root r of p” is also a primitive root of p. 
[Hint: Let r have order k modulo p. Show that r?* = 1 (mod p?),...,r?" * 
1 (mod p”) and, hence, @(p”) | p”~'k.] 

(c) A primitive root of p? is also a primitive root of p” forn > 2. 


. If r is a primitive root of p*, p being an odd prime, show that the solutions of the 


congruence x?~! = 1 (mod p?) are precisely the integers r?, r??,..., rP~ DP. 


. (a) Prove that 3 is a primitive root of all integers of the form 7* and 2 - 7*. 


(b) Find a primitive root for any integer of the form 17*. 


. Obtain all the primitive roots of 41 and 82. 
. (a) Prove that a primitive root r of p*, where p is an odd prime, is a primitive root of 


2p* if and only if r is an odd integer. 
(b) Confirm that 3, 33, 3°, and 3° are primitive roots of 578 = 2 - 17”, but that 34 and 
3!7 are not. 


. Assume that r is a primitive root of the odd prime p and (r + tp)?~! # 1 (mod p?). 


Show that r + tp is a primitive root of p* for each k > 1. 


. Ifn = 2% pi! ps? --- p* is the prime factorization of n > 1, define the universal exponent 


h(n) of n by 
Mn) = Iem(A(2"), o(p), ..., 6(p*)) 


where (2) = 1, A(27) = 2, and A(2*) = 2*-? fork > 3. Prove the following statements 
concerning the universal exponent: 
(a) Forn = 2,4, p*, 2p*, where p is an odd prime, A(n) = ¢(n). 
(b) If gcd(a, 2*) = 1, then a*) = 1 (mod 2). 
[Hint: For k > 3, use induction on k and the fact that A(2*+!) = 2a(2*).] 
(c) If gcd(a, n) = 1, then a*” = 1 (mod n). 
[Hint: For each prime power p* occurring inn, a*” = 1 (mod p*).] 
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9. Verify that, for 5040 = 24 . 3? - 5-7, 4(5040) = 12 and $(5040) = 1152. 

10. Use Problem 8 to show that ifn 4 2,4, p*, 2p*, where p is an odd prime, then has no 
primitive root. 
[Hint: Except for the cases 2, 4, p*, 2p*, we have A(n) | 5H(n); hence, gcd(a,n) = 1 
implies that a?/? = 1 (mod n).] 

11. (a) Prove that if gcd(a,n) = 1, then the linear congruence ax = b (mod n) has the 

solution x = ba*”-! (mod n). 

(b) Use part (a) to solve the congruences 13x = 2 (mod 40) and 3x = 13 (mod 77). 


8.4 THE THEORY OF INDICES 


The remainder of the chapter is concerned with a new idea, the concept of index. 
This was introduced by Gauss in his Disquisitiones Arithmeticae. 

Let n be any integer that admits a primitive root r. As we know, the first 6(n) 
powers of r, 


ae r’, ad 7?) 


are congruent modulo n, in some order, to those integers less than n and relatively 
prime to it. Hence, if a is an arbitrary integer relatively prime to n, then a can be 
expressed in the form 


a =r* (modn) 


for a suitable choice of k, where 1 < k < ¢(n). This allows us to frame the following 
definition. 


Definition 8.3. Let r be a primitive root of n. If gcd(a,n) = 1, then the smallest 
positive integer k such that a = r* (mod n) is called the index of a relative to r. 


Customarily, we denote the index of a relative to r by ind, a or, if no confusion 
is likely to occur, by ind a. Clearly, 1 < ind, a < $(n) and 


ind, a 


r = a (mod n) 


The notation ind, a is meaningless unless gcd(a, n) = 1; in the future, this will be 
tacitly assumed. 
For example, the integer 2 is a primitive root of 5 and 


Va2 PaeA4 P=_3 £42*=1(mod5) 
It follows that 
ind 1=4 ind, 2 = 1 ind, 3 = 3 ind, 4=2 


Observe that indices of integers that are congruent modulo n are equal. Thus, 
when setting up tables of values for ind a, it suffices to consider only those integers 
a less than and relatively prime to the modulus n. To see this, let a = b (mod n), 
where a and b are taken to be relatively prime to n. Because r?4 = a (mod n) and 
rindb = b (mod n), we have 


pinda = pind (mod n) 
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Invoking Theorem 8.2, it may be concluded that ind a = ind b (mod ¢(n)). But, 
because of the restrictions on the size of ind a and ind J, this is only possible when 
ind a = ind b. 

Indices obey rules that are reminiscent of those for logarithms, with the primitive 
root playing a role analogous to that of the base for the logarithm. 


Theorem 8.11. If has a primitive root r and ind a denotes the index of a relative to 
r, then the following properties hold: 


(a) ind (ab) = inda + ind b (mod ¢(n)). 
(b) ind a* = k ind a (mod ¢(n)) fork > 0. 
(c) ind 1 = 0 (mod ¢(n)), indr = 1 (mod ¢(n)). 


Proof. By the definition of index, r"4¢ = a (mod n) and ri™4> = b (mod n). Multi- 
plying these congruences together, we obtain 


yinda-+ind b =ab (mod n) 


But ri"4@>) = ab (mod n), so that 


yinda-+ind b = yind(ab) (mod n) 


It may very well happen that ind a + ind b exceeds ¢(n). This presents no problem, 
for Theorem 8.2 guarantees that the last equation holds if and only if the exponents are 
congruent modulo ¢(n); that is, 


inda+ ind b = ind (ab) (mod ¢(n)) 
which is property (a). 
The proof of property (b) proceeds along much the same lines. For we have 
rinda® — g* (mod n), and by the laws of exponents, r*ind¢ = (rindayk = gk (mod n); 
hence, 


Caen : 
yinda = kinda (mod n) 


As above, the implication is that ind a* = k ind a (mod ¢(n)). The two parts of property 
(c) should be fairly apparent. 


The theory of indices can be used to solve certain types of congruences. For 
instance, consider the binomial congruence 


x*=a(modn) k>2 
where n is a positive integer having a primitive root and gcd(a,n)=1. By 


properties (a) and (b) of Theorem 8.11, this congruence is entirely equivalent to 
the linear congruence 


k ind x = inda (mod ¢(n)) 


in the unknown ind x. If d = gcd(k, @(n)) andd J inda, there is no solution. But, if 
d | inda, then there are exactly d values of ind x that will satisfy this last congruence; 
hence, there are d incongruent solutions of x* = a (mod n). 

The case in which k = 2 and n = p, with p an odd prime, is particularly im- 
portant. Because gcd(2, p — 1) = 2, the foregoing remarks imply that the quadratic 
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congruence x* = a (mod p) has a solution if and only if 2| ind a; when this con- 


dition is fulfilled, there are exactly two solutions. If 7 is a primitive root of p, then 
rK1<k< p — 1) runs modulo p through the integers 1,2,..., p — 1, in some 
order. The even powers of r produce the values of a for which the congruence 
x* = a (mod p) is solvable; there are precisely (p — 1)/2 such choices for a. 


Example 8.4. For an illustration of these ideas, let us solve the congruence 
4x? = 7 (mod 13) 


A table of indices can be constructed once a primitive root of 13 is fixed. Using the 
primitive root 2, we simply calculate the powers 2, 27, ..., 2!2 modulo 13. Here, 


A) 2?=6 ae 5 
2 =4 =) 210) 
= 8 peas I ae 
= 2 = 9 Dial 


all congruences being modulo 13; hence, our table is 


Taking indices, the congruence 4x? = 7 (mod 13) has a solution if and only if 
indz 4+ 9 indy x = ind, 7 (mod 12) 


The table gives the values ind2 4 = 2 and ind2 7 = 11, so that the last congruence 
becomes 9 ind2 x = 11 — 2 =9 (mod 12), which, in turn, is equivalent to having 
indy x = 1 (mod 4). It follows that 


ind, x = 1,5, or9 


Consulting the table of indices once again, we find that the original congruence 
4x? = 7 (mod 13) possesses the three solutions 


x = 2,5, and 6 (mod 13) 


If a different primitive root is chosen, we obviously obtain a different value for the 
index of a; but, for purposes of solving the given congruence, it does not really matter 
which index table is available. The ¢(@(13)) = 4 primitive roots of 13 are obtained 
from the powers 2*(1 < k < 12), where 


gcd(k, f(13)) = ged(k, 12) = 1 
These are 
eS?) PS 6 Baa 9o = 7aned 13) 


The index table for, say, the primitive root 6 is displayed below: 
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Employing this table, the congruence 4x? = 7 (mod 13) is replaced by 
indg 4 + 9 indg x = indg 7 (mod 12) 
or, rather, 
9 indg x = 7 — 10 = —3 = 9 (mod 12) 
Thus, indg x = 1, 5, or 9, leading to the solutions 
x = 2,5, and 6 (mod 13) 


as before. 
The following criterion for solvability is often useful. 


Theorem 8.12. Let 1 be an integer possessing a primitive root and let gcd(a, n) = 1. 
Then the congruence x* = a (mod n) has a solution if and only if 


a®™/4 = | (mod n) 


where d = gcd(k, @(n)); if it has a solution, there are exactly d solutions modulo n. 


Proof. Taking indices, the congruence a?™/4 = 1 (mod n) is equivalent to 


g(n) ind a = 0 (mod ¢(n)) 


which, in turn, holds if and only if d | ind a. But we have just seen that the latter is a 
necessary and sufficient condition for the congruence x* = a (mod n) to be solvable. 


Corollary. Let p be a prime and gcd(a, p) = 1. Then the congruence x* = a (mod p) 
has a solution if and only if a?—/4 = 1 (mod p), where d = gcd(k, p — 1). 


Example 8.5. Let us consider the congruence 


x? = 4 (mod 13) 


In this setting, d = gcd(3, (13)) = ged(3, 12) = 3, and therefore 6(13)/d = 4. Be- 
cause 44 = 9 1 (mod 13), Theorem 8.12 asserts that the given congruence is not 
solvable. 

On the other hand, the same theorem guarantees that 


x? = 5 (mod 13) 


possesses a solution (in fact, there are three incongruent solutions modulo 13); for, in 
this case, 5+ = 625 = 1 (mod 13). These solutions can be found by means of the index 
calculus as follows: the congruence x? = 5 (mod 13) is equivalent to 


3 indz x = 9 (mod 12) 
which becomes 
indy x = 3 (mod 4) 
This last congruence admits three incongruent solutions modulo 12, namely, 


ind, x = 3,7, or 11 
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The integers corresponding to these indices are, respectively, 8, 11, and 7, so that the 
solutions of the congruence x? = 5 (mod 13) are 


x = 7, 8, and 11 (mod 13) 


PROBLEMS 8.4 


10. 


11. 


. Find the index of 5 relative to each of the primitive roots of 13. 
. Using a table of indices for a primitive root of 11, solve the following congruences: 


(a) 7x3 = 3 (mod 11). 
(b) 3x4 = 5 (mod 11). 
(c) x8 = 10 (mod 11). 


. The following is a table of indices for the prime 17 relative to the primitive root 3: 


a} 1 23 4 5 6 7 8 9 10 11 #12 13 14 15 16 


indja}16 14 1 12 5 15 11 10 2 3 7 13 4 9 6 8 


With the aid of this table, solve the following congruences: 
(a) x!2 = 13 (mod 17). 

(b) 8x° = 10 (mod 17). 

(c) 9x8 = 8 (mod 17). 

(d) 7 =7 (mod 17). 


. Find the remainder when 34 - 5)? is divided by 17. 


[Hint: Use the theory of indices.] 


. Ifr andr’ are both primitive roots of the odd prime p, show that for gcd(a, p) = 1 


ind, a = (ind, a)(ind, r) (mod p — 1) 


This corresponds to the rule for changing the base of logarithms. 


. (a) Construct a table of indices for the prime 17 with respect to the primitive root 5. 


[Hint: By the previous problem, inds a = 13 ind3 a (mod 16).]} 
(b) Solve the congruences in Problem 3, using the table in part (a). 


. If r is a primitive root of the odd prime p, verify that 


ind, (—1) = ind, (p— 1) = 5(p -1) 


. (a) Determine the integers a(1 < a < 12) such that the congruence ax* = b (mod 13) 


has a solution for b = 2, 5, and 6. 
(b) Determine the integers a(1 < a < p — 1) such that the congruence x* = a (mod p) 
has a solution for p = 7, 11, and 13. 


. Employ the corollary to Theorem 8.12 to establish that if p is an odd prime, then 


(a) x? = —1 (mod p) is solvable if and only if p = 1 (mod 4). 

(b) x* = —1 (mod p) is solvable if and only if p = 1 (mod 8). 

Given the congruence x? = a (mod p), where p > 5 is a prime and gcd(a, p) = 1, prove 

the following: 

(a) If p = 1 (mod 6), then the congruence has either no solutions or three incongruent 
solutions modulo p. 

(b) If p = 5 (mod 6), then the congruence has a unique solution modulo p. 

Show that the congruence x? = 3 (mod 19) has no solutions, whereas x? = 11 (mod 19) 

has three incongruent solutions. 
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Determine whether the two congruences x> = 13 (mod 23) and x’ = 15 (mod 29) are 
solvable. 
If p is a prime and gcd(k, p — 1) = 1, prove that the integers 


[23s (pa) 


form a reduced set of residues modulo p. 

Let be a primitive root of the odd prime p, and letd = gcd(k, p — 1). Prove that the val- 
ues of a for which the congruence x* = a (mod p) is solvable are r?, r27,... , r!@-D/4l4, 
If r is a primitive root of the odd prime p, show that 


“4 
ind. (p= 0) = ind, a + P=" (mod p — 1) 


and, consequently, that only half of an index table need be calculated to complete the 
table. 
(a) Letr bea primitive root of the odd prime p. Establish that the exponential congruence 


a* = b (mod p) 


has a solution if and only if d | ind, b, where the integer d = gcd(ind, a, p — 1); in 
this case, there are d incongruent solutions modulo p — 1. 

(b) Solve the exponential congruences 4* = 13 (mod 17) and 5* = 4 (mod 19). 

For which values of b is the exponential congruence 9* = b (mod 13) solvable? 


CHAPTER 


9 


THE QUADRATIC RECIPROCITY LAW 


The moving power of mathematical invention is not reasoning but imagination. 
A. DEMORGAN 


9.1 EULER’S CRITERION 


As the heading suggests, the present chapter has as its goal another major contribu- 
tion of Gauss: the Quadratic Reciprocity Law. For those who consider the theory of 
numbers “the Queen of Mathematics,” this is one of the jewels in her crown. The 
intrinsic beauty of the Quadratic Reciprocity Law has long exerted a strange fasci- 
nation for mathematicians. Since Gauss’s time, over a hundred proofs of it, all more 
or less different, have been published (in fact, Gauss himself eventually devised 
seven). Among the eminent mathematicians of the 19th century who contributed 
their proofs appear the names of Cauchy, Jacobi, Dirichlet, Eisenstein, Kronecker, 
and Dedekind. 

Roughly speaking, the Quadratic Reciprocity Law deals with the solvability of 
quadratic congruences. Therefore, it seems appropriate to begin by considering the 
congruence 


ax? + bx +c =0 (mod p) (1) 


where p is an odd prime and a ¥ 0 (mod p); that is, gcd(a, p) = 1. The supposition 
that p is an odd prime implies that gcd(4a, p) = 1. Thus, the quadratic congruence 
in Eq. (1) is equivalent to 


Aa(ax* + bx +c) =0 (mod P) 
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By using the identity 
Aa(ax” + bx +c) = (2ax + by — (b* — 4ac) 
the last-written quadratic congruence may be expressed as 
(2ax + b)* = (b” — 4ac) (mod p) 
Now put y = 2ax + b and d = b* — 4ac to get 
y? = d (mod p) (2) 


If x = xo (mod p) isa solution of the quadratic congruence in Eq. (1), then the integer 
y = 2axo + b (mod p) satisfies the quadratic congruence in Eq. (2). Conversely, if 
y = yo (mod p) is a solution of the quadratic congruence in Eq. (2), then 2ax = 
yo — b (mod p) can be solved to obtain a solution to Eq. (1). 

Thus, the problem of finding a solution to the quadratic congruence in Eq. (1) 
is equivalent to that of finding a solution to a linear congruence and a quadratic 
congruence of the form 


x? =a (mod p) (3) 


If p|a, then the quadratic congruence in Eq. (3) has x = 0 (mod p) as its only 
solution. To avoid trivialities, let us agree to assume hereafter that p / a. 

Granting this, whenever x” = a (mod p) admits a solution x = xo, there is also 
a second solution x = p — xo. This second solution is not congruent to the first. 
For x9 = p — Xo (mod p) implies that 2x9 = 0 (mod p), or x9 = 0 (mod p), which 
is impossible. By Lagrange’s theorem, these two solutions exhaust the incongruent 
solutions of x? = a (mod p). In short: x* = a (mod p) has exactly two solutions or 
no solutions. 

A simple numerical example of what we have just said is provided by the 
quadratic congruence 


5x* — 6x +2 =0 (mod 13) 
To obtain the solution, we replace this congruence by the simpler one 
y” = 9 (mod 13) 
with solutions y = 3, 10 (mod 13). Next, solve the linear congruences 
10x = 9 (mod 13) 10x = 16 (mod 13) 


It is not difficult to see that x = 10, 12 (mod 13) satisfy these equations and, by our 
previous remarks, also the original quadratic congruence. 

The major effort in this presentation is directed toward providing a test for the 
existence of solutions of the quadratic congruence 


x? =a (mod p) gcd(a, p) = 1 (4) 


To put it differently, we wish to identify those integers a that are perfect squares 
modulo p. 
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Some additional terminology will help us to discuss this situation concisely. 


Definition 9.1. Let p be an odd prime and gcd(a, p) = 1. If the quadratic congruence 
x? =a (mod p)has a solution, then a is said to be a quadratic residue of p. Otherwise, 
a is called a quadratic nonresidue of p. 


The point to bear in mind is that if a = b (mod p), then a is a quadratic residue 
of p if and only if b is a quadratic residue of p. Thus, we only need to determine 
the quadratic character of those positive integers less than p to ascertain that of any 
integer. 


Example 9.1. Consider the case of the prime p = 13. To find out how many of the 
integers 1, 2, 3,...,12 are quadratic residues of 13, we must know which of the 
congruences 


x? = a (mod 13) 


are solvable when a runs through the set {1, 2, ..., 12}. Modulo 13, the squares of the 
integers 1, 2,3,..., 12 are 

ie Pe all 

2114 

37=10? =9 

v=o =3 

= S012 

C=7 =10 


Consequently, the quadratic residues of 13 are 1, 3, 4, 9, 10, 12, and the nonresidues 
are 2, 5, 6, 7, 8, 11. Observe that the integers between 1 and 12 are divided equally 
among the quadratic residues and nonresidues; this is typical of the general situation. 

For p = 13 there are two pairs of consecutive quadratic residues, the pairs 3, 4 
and 9, 10. It can be shown that for any odd prime p there are 4(p — 4 — (—1)(?-)/?) 
consecutive pairs. 


Euler devised a simple criterion for deciding whether an integer a is a quadratic 
residue of a given prime p. 


Theorem 9.1 Euler’s criterion. Let p be an odd prime and gcd(a, p) = 1. Then a 
is a quadratic residue of p if and only if a’?—/* = 1 (mod p). 


Proof. Suppose that a is a quadratic residue of p, so that x* =a (mod p) admits a 
solution, call it x;. Because gcd(a, p) = 1, evidently gcd(x;, p) = 1. We may therefore 
appeal to Fermat’s theorem to obtain 


a ~1)/2 
a? D2 = (x2)?-P? = xP! = 1 (mod p) 


For the opposite direction, assume that the congruence a‘?—)/? = 1 (mod p) 
holds and let r be a primitive root of p. Then a = r* (mod p) for some integer k, with 
1 <k < p —1. It follows that 


php-D/2 — gP-D/2 =] (mod p) 
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By Theorem 8.1, the order of r (namely, p — 1) must divide the exponent k(p — 1)/2. 
The implication is that k is an even integer, say k = 27. Hence, 


(r/)? = r7J = r* =a (mod p) 


making the integer r/ a solution of the congruence x* = a (mod p). This proves that 
a is a quadratic residue of the prime p. 


Now if p (as always) is an odd prime and gcd(a, p) = 1, then 
(aP-D/2 _ 1y(q?—Y/2 4.1) = a?! ~ 1 =0 (mod p) 
the last congruence being justified by Fermat’s theorem. Hence, either 
a?-Y/2 =] (mod p) or a¥?—)/? = —1 (mod p) 


but not both. For, if both congruences held simultaneously, then we would have 
1 = —1 (mod p), or equivalently, p | 2, which conflicts with our hypothesis. Because 
a quadratic nonresidue of p does not satisfy a?~)/? = 1 (mod p), it must therefore 
satisfy a?—)/* = —1 (mod p). This observation provides an alternate formulation 
of Euler’s criterion: the integer a is a quadratic nonresidue of the prime p if and only 
if a’?—-)/? = —] (mod p). 

Putting the various pieces together, we come up with the following corollary. 


Corollary. Let p be an odd prime and gced(a, p) = 1. Then a is a quadratic residue or 
nonresidue of p according to whether 


a?—-VI2 = 1 (mod p) or a?~/? = —1 (mod p) 


Example 9.2. In the case where p = 13, we find that 
203-D/2 — 2° = 64 = 12 = —1 (mod 13) 


Thus, by virtue of the last corollary, the integer 2 is a quadratic nonresidue of 13. 
Because 


3(3-D/2 — 36 = (27)? = 1° = 1 (mod 13) 


the same result indicates that 3 is a quadratic residue of 13 and so the congruence 
x? = 3 (mod 13) is solvable; in fact, its two incongruent solutions are x = 4 and 
9 (mod 13). 


There is an alternative proof of Euler’s criterion (due to Dirichlet) that is longer, 
but perhaps more illuminating. The reasoning proceeds as follows. Let a be a 
quadratic nonresidue of p and let c be any one of the integers 1, 2,..., p—1. 
By the theory of linear congruences, there exists a solution c’ of cx = a (mod p), 
with c’ also in the set {1,2,..., p — 1}. Note that c’ 4 c; otherwise we would have 
c* =a (mod Pp), which contradicts what we assumed. Thus, the integers between 1 


and p — 1 can be divided into (p — 1)/2 pairs, c, c’, where cc’ = a (mod p). This 
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leads to (p — 1)/2 congruences, 
cic, = a (mod p) 


coc, = a (mod p) 


C(p-1)/2€(p-1/2. = 4 (mod p) 
Multiplying them together and observing that the product 
C1C{C2C9 * + C(p—1)/2H_v/2 
is simply a rearrangement of 1 -2-3---(p — 1), we obtain 
(p — 1)! =a?—Y/? (mod p) 


At this point, Wilson’s theorem enters the picture; for, (p — 1)! = —1 (mod p), so 
that 


a?-Y/2 = _] (mod P) 


which is Euler’s criterion when a is a quadratic nonresidue of p. 

We next examine the case in which a is a quadratic residue of p. In this setting 
the congruence x” = a (mod p) admits two solutions x = x; and x = p — x1, for 
some x, satisfying 1 < x; < p—1. If x; and p — x; are removed from the set 
{1,2,..., p — 1}, then the remaining p — 3 integers can be grouped into pairs c, c’ 
(where c # c’) such that cc’ = a (mod p). To these (p — 3)/2 congruences, add the 
congruence 


x\(p — x1) = —x} = —a (mod p) 
Upon taking the product of all the congruences involved, we arrive at the relation 
(p — 1)! = —a®-” (mod p) 
Wilson’s theorem plays its role once again to produce 
a? Y/? = 1 (mod p) 


Summing up, we have shown that a?~)/? = 1 (mod p) or a?~)/? = —1 (mod p) 
according to whether a is a quadratic residue or nonresidue of p. 

Euler’s criterion is not offered as a practical test for determining whether a given 
integer is or is not a quadratic residue; the calculations involved are too cumbersome 
unless the modulus is small. But as a crisp criterion, easily worked with for theoretic 
purposes, it leaves little to be desired. A more effective method of computation is 
embodied in the Quadratic Reciprocity Law, which we shall prove later in the chapter. 


PROBLEMS 9.1 


1. Solve the following quadratic congruences: 
(a) x? + 7x + 10 = 0 (mod 11). 
(b) 3x2 + 9x +7 = 0 (mod 13). 
(c) 5x? + 6x + 1 = 0 (mod 23). 
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. Prove that the quadratic congruence 6x” + 5x + 1 = 0 (mod p) has a solution for every 


prime p, even though the equation 6x? + 5x + 1 = O has no solution in the integers. 


. (a) For an odd prime p, prove that the quadratic residues of p are congruent modulo p 


to the integers 


2. A2A2 p= # 
Lee 3s ek ———— 
2 


(b) Verify that the quadratic residues of 17 are 1, 2,4, 8, 9, 13, 15, 16. 


. Show that 3 is a quadratic residue of 23, but a nonresidue of 31. 
. Given that a is a quadratic residue of the odd prime p, prove the following: 


(a) a is not a primitive root of p. 

(b) The integer p — a is a quadratic residue or nonresidue of p according as p = 1 
(mod 4) or p = 3 (mod 4). 

(c) If p = 3 (mod 4), then x = ta+/4 (mod p) are the solutions of the congruence 
x* =a (mod p). 


. Let p be an odd prime and gcd(a, p) = 1. Establish that the quadratic congruence 


ax? + bx +c = 0(mod p)is solvable if and only if b? — 4ac is either zero or a quadratic 
residue of p. 


. If p = 2* + 1 is prime, verify that every quadratic nonresidue of p is a primitive root 


of p. 
[Hint: Apply Euler’s criterion. ] 


. Assume that the integer r is a primitive root of the prime p, where p = 1 (mod 8). 


(a) Show that the solutions of the quadratic congruence x” = 2 (mod p) are given by 
x= +(r7P-D/8 Zs rP—D/8) (mod p) 


[Hint: First confirm that r3—-)/2 = —1 (mod p).] 
(b) Use part (a) to find all solutions to the two congruences x* = 2(mod 17) and x? = 
(mod 41). 


. (a) If ab =r (mod p), where r is a quadratic residue of the odd prime p, prove that a 


and b are both quadratic residues of p or both nonresidues of p. 
(b) If a and b are both quadratic residues of the odd prime p or both nonresidues of p, 
show that the congruence ax* = b (mod p) has a solution. 
[Hint: Multiply the given congruence by a’ where aa’ = 1 (mod p).] 
Let p be an odd prime and gcd(a, p) = gcd(b, p) = 1. Prove that either all three of the 
quadratic congruences 


x* =a (mod DP) x =b (mod p) x? =ab (mod p) 


are solvable or exactly one of them admits a solution. 
(a) Knowing that 2 is a primitive root of 19, find all the quadratic residues of 19. 

[Hint: See the proof of Theorem 9. 1.] 
(b) Find the quadratic residues of 29 and 31. 
Ifn > 2 and gcd(a, n) = 1, thena is called a quadratic residue of n whenever there exists 
an integer x such that x? = a (mod n). Prove that if a is a quadratic residue of n > 2, 
then a?/2 = 1 (mod n). 
Show that the result of the previous problem does not provide a sufficient condition for 
the existence of a quadratic residue of n; in other words, find relatively prime integers 
a and n, with a®”/* = 1 (mod n), for which the congruence x? = a (mod n) is not 
solvable. 
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9.2 THE LEGENDRE SYMBOL AND ITS PROPERTIES 


Euler’s studies on quadratic residues were further developed by the French math- 
ematician Adrien Marie Legendre (1752-1833). Legendre’s memoir “Recherches 
d’ Analyse Indéterminée” (1785) contains an account of the Quadratic Reciprocity 
Law and its many applications, a sketch of a theory of the representation of an 
integer as the sum of three squares, and the statement of a theorem that was later 
to become famous: Every arithmetic progression ax + b, where gcd(a, b) = 1, 
contains an infinite number of primes. The topics covered in “Recherches” were 
taken up in a more thorough and systematic fashion in his Essai sur la Théorie 
des Nombres, which appeared in 1798. This represented the first “modern” 
treatise devoted exclusively to number theory, its precursors being translations 
or commentaries on Diophantus. Legendre’s Essai was subsequently expanded 
into his Théorie des Nombres. The results of his later research papers, inspired 
to a large extent by Gauss, were included in 1830 in a two-volume third edition 
of the Théorie des Nombres. This remained, together with the Disquisitiones 
Arithmeticae of Gauss, a standard work on the subject for many years. Al- 
though Legendre made no great innovations in number theory, he raised fruitful 
questions that provided subjects of investigation for the mathematicians of the 
19th century. 

Before leaving Legendre’s mathematical contributions, we should mention that 
he is also known for his work on elliptic integrals and for his Eléments de Géométrie 
(1794). In this last book, he attempted a pedagogical improvement of Euclid’s 
Elements by rearranging and simplifying many of the proofs without lessening the 
rigor of the ancient treatment. The result was so favorably received that it became one 
of the most successful textbooks ever written, dominating instruction in geometry for 
over a century through its numerous editions and translations. An English translation 
was made in 1824 by the famous Scottish essayist and historian Thomas Carlyle, 
who was in early life a teacher of mathematics; Carlyle’s translation ran through 
33 American editions, the last not appearing until 1890. In fact, Legendre’s revision 
was used at Yale University as late as 1885, when Euclid’s Elements was finally 
abandoned as a text. 

Our future efforts will be greatly simplified by the use of the symbol (a@/ p); this 
notation was introduced by Legendre in his Essai and is called, naturally enough, 
the Legendre symbol. 


Definition 9.2. Let p be an odd prime and let gcd(a, p) = 1. The Legendre symbol 
(a/p) is defined by 


1 if a isa quadratic residue of p 


(a/p) = 


—1 ifaisa quadratic nonresidue of p 


For the want of better terminology, we shall refer to a as the numerator and p 
as the denominator of the symbol (a/p). Another standard notation for the Legendre 
symbol is (5), or (a | p). 
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Example 9.3. Let us look at the prime p = 13, in particular. Using the Legendre 
symbol, the results of an earlier example may be expressed as 


(1/13) = (3/13) = (4/13) = (9/13) = (10/13) = (12/13) = 1 
and 

(2/13) = (5/13) = (6/13) = (7/13) = (8/13) = (11/13) = -1 
Remark. For p | a, we have purposely left the symbol (a/p) undefined. Some authors 
find it convenient to extend Legendre’s definition to this case by setting (a/p) = 0. 


One advantage of this is that the number of solutions of x* =a (mod p) can then be 
given by the simple formula 1 + (a/p). 


The next theorem establishes certain elementary facts concerning the Legendre 


symbol. 


Theorem 9.2. Let p be an odd prime and let a and b be integers that are relatively 
prime to p. Then the Legendre symbol has the following properties: 


(a) If a = b (mod p), then (a/p) = (b/ p). 
(b) (a?/p) = 1. 

(c) (a/p) = a”-/? (mod p). 

(d) (ab/p) = (a/p)(b/p). 

(e) (1/p) = 1 and (—1/p) = (-1)?-”. 


Proof. \f a = b (mod p), then the two congruences x? =a (mod p) and a 
(mod p) have exactly the same solutions, if any at all. Thus, x? =a (mod p) and 
x? = b(mod p) are both solvable, or neither one has a solution. This is reflected in the 
statement (a/p) = (b/p). 

Regarding property (b), observe that the integer a trivially satisfies the congruence 
x* = a (mod p); hence, (a”/p) = 1. Property (c) is just the corollary to Theorem 9.1 
rephrased in terms of the Legendre symbol. We use (c) to establish property (d): 


(ab/p) = (aby?-)? = a? VP pP—-VI? = (a/p)(b/ p)(mod p) 


Now the Legendre symbol assumes only the values 1 or —1. If (ab/p) 4 (a/p)(b/ p), 
we would have 1 = —1 (mod p) or 2 = 0 (mod p); this cannot occur, because p > 2. 
It follows that 


(ab/p) = (a/p)(b/p) 


Finally, we observe that the first equality in property (e) is a special case of property 
(b), whereas the second one is obtained from property (c) upon setting a = —1. Because 
the quantities (—1/p) and (—1)-)/? are either 1 or —1, the resulting congruence 


(-1/p) = (-1)”-”” (mod p) 
implies that (—1/p) = (-1)?-)/?, 


From parts (b) and (d) of Theorem 9.2, we may also abstract the relation 


(f) (ab?/p) = (a/p)(b?/p) = (a/p) 
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In other words, a square factor that is relatively prime to p can be deleted from the 
numerator of the Legendre symbol without affecting its value. 

Because (p — 1)/2 is even for a prime p of the form 4k + 1 and odd for p 
of the form 4k + 3, the equation (—1/p) = (—1)”~)” permits us to add a small 
supplemental corollary to Theorem 9.2. 


Corollary. If p is an odd prime, then 

1 if p=1(mod4) 
Cl/p)= Be 
—1 if p=3(mod4) 


This corollary may be viewed as asserting that the quadratic congruence x* = 


—1 (mod p) has a solution for an odd prime p if and only if p is of the form 4k + 1. 
The result is not new, of course; we have merely provided the reader with a different 
path to Theorem 5.5. 


Example 9.4. Let us ascertain whether the congruence x? = —46 (mod 17) is solvable. 
This can be done by evaluating the Legendre symbol (—46/17). We first appeal to 
properties (d) and (e) of Theorem 9.2 to write 


(—46/17) = (—1/17)(46/17) = (46/17) 
Because 46 = 12 (mod 17), it follows that 
(46/17) = (12/17) 
Now property (f) gives 
(12/17) = (3- 27/17) = (3/17) 
But 
(3/17) = 307-D/2 = 38 = (81° = (—4)* = —1 (mod 17) 


where we make appropriate use of property (c) of Theorem 9.2; hence, (3/17) = —1. 
Inasmuch as (—46/17) = —1, the quadratic congruence x? = —46 (mod 17) admits 
no solution. 


The corollary to Theorem 9.2 lends itself to an application concerning the dis- 
tribution of primes. 


Theorem 9.3. There are infinitely many primes of the form 4k + 1. 


Proof. Suppose that there are finitely many such primes; let us call them pj, p2,..-, Dn 
and consider the integer 


N = (2pipo-+: Pn) +1 


Clearly N is odd, so that there exists some odd prime p with p| N. To put it another 
way, 


(2p) p2 +++ Pn)” = —1 (mod p) 
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or, if we prefer to phrase this in terms of the Legendre symbol, (—1/p) = 1. But the 
relation (—1/p) = 1 holds only if p is of the form 4k + 1. Hence, p is one of the primes 
pi, implying that p; divides N — (2p, p2--- Pn)*, or p; | 1, which is a contradiction. 
The conclusion: There must exist infinitely many primes of the form 4k + 1. 


We dig deeper into the properties of quadratic residues with Theorem 9.4. 


Theorem 9.4. If p is an odd prime, then 
p-1 
> @/p) =0 
a=1 


Hence, there are precisely (p — 1)/2 quadratic residues and (p — 1)/2 quadratic non- 
residues of p. 


Proof. Let r be a primitive root of p. We know that, modulo p, the powers r, 
r?,...,r?~ are just a permutation of the integers 1, 2,..., p — 1. Thus, for any 
a lying between 1 and p — 1, inclusive, there exists a unique positive integer k 
(1 <k < p—1), such that a = r* (mod p). By appropriate use of Euler’s criterion, 


we have 
(a/p) = (r*/p) = (r*) PD? = (r@-Y/?)k = (—1)* (mod p) (1) 


where, because r is a primitive root of p, r?—/2 = —1 (mod p). But (a/p) and (—1) 
are equal to either 1 or —1, so that equality holds in Eq. (1). Now add up the Legendre 
symbols in question to obtain 


p-1 p-1 
> @/p) = 5-1 = 0 
a=1 k=1 


which is the desired conclusion. 


The proof of Theorem 9.4 serves to bring out the following point, which we 
record as a corollary. 


Corollary. The quadratic residues of an odd prime p are congruent modulo p to the 
even powers of a primitive root r of p; the quadratic nonresidues are congruent to the 
odd powers of r. 


For an illustration of the idea just introduced, we again fall back on the prime 
p = 13. Because 2 is a primitive root of 13, the quadratic residues of 13 are given 
by the even powers of 2, namely, 


*=4 28 =9 
24 =3 210 — 10 
26 = 12 2)2 = 1 
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all congruences being modulo 13. Similarly, the nonresidues occur as the odd powers 
of 2: 


=o esl 
= 8 Pig — ioe) 
P=6 pkanaae | 
Most proofs of the Quadratic Reciprocity Law, and ours as well, rest ultimately 
upon what is known as Gauss’s lemma. Although this lemma gives the quadratic 


character of an integer, it is more useful from a theoretic point of view than as a 
computational device. We state and prove it below. 


Theorem 9.5  Gauss’s lemma. Let p be an odd prime and let gcd(a, p) = 1. If n 
denotes the number of integers in the set 


s = {a,2a,30,..., (25) a} 
2 


whose remainders upon division by p exceed p/2, then 


(a/p) = (-1)" 


Proof. Because gcd(a, p) = 1, none of the (p — 1)/2 integers in S is congruent to zero 
and no two are congruent to each other modulo p. Let 71, ..., 7 be those remainders 
upon division by p such that0 < 7; < p/2,and let s;, ..., 5, be those remainders such 
that p > s; > p/2. Thenm +n = (p — 1)/2, and the integers 

Fipecnan lie P—51,..-;D—Sn 


are all positive and less than p/2. 
To prove that these integers are all distinct, it suffices to show that no p — 5s; is 
equal to any r;. Assume to the contrary that 
p-Si =r j 
for some choice of i and j. Then there exist integers u andv, with] < u,v < (p — 1)/2, 
satisfying s; = ua (mod p) andr; = va (mod p). Hence, 
(u+v)a =s; +r; = p =0 (mod p) 


which says that u + v = 0 (mod p). But the latter congruence cannot take place, 
because 1 <u+v< p-—1l. 
The point we wish to bring out is that the (p — 1)/2 numbers 


Pligicaccieg Fy D—S1,.+-+,D— Sn 


are simply the integers 1,2, ...,(p — 1)/2, not necessarily in order of appearance. 
Thus, their product is [(p — 1)/2]!: 


| 

(2): Sew =): Oa) 
=11-+-lm(—S1)--+(—Sp) (mod p) 
= (—1)"71 +--+ 7m51 +++ S_, (mod p) 
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But we know that r1,...,/m, 51,-.-,5, are congruent modulo p to a, 2a,..., 
[(p — 1)/2]a, in some order, so that 


(2 =):sc0ra-20-- (45 


= (—1)"a?-b? (2): (mod p) 


Because [(p — 1)/2]! is relatively prime to p, it may be canceled from both sides of 
this congruence to give 


-) a (mod p) 


1 =(-1)"a?-” (mod p) 
or, upon multiplying by (—1)’, 
a'P-V/2 = (—1)" (mod p) 
Use of Euler’s criterion now completes the argument: 
(a/p) =a?~? = (-1)" (mod p) 
which implies that 
(a/p) = (-1)" 
By way of illustration, let p = 13 anda = 5. Then (p — 1)/2 = 6, so that 
S=45,-10; 15,20, 25,30} 
Modulo 13, the members of S are the same as the integers 
3,10; 25-7, 1254 
Three of these are greater than 13/2; hence, n = 3, and Theorem 9.5 says that 
(5/13) = (-1° = -1 
Gauss’s lemma allows us to proceed to a variety of interesting results. For one 
thing, it provides a means for determining which primes have 2 as a quadratic residue. 


Theorem 9.6. If p is an odd prime, then 


1 if p =1 (mod 8) or p = 7 (mod 8) 


(2/p) = i if p = 3 (mod 8) or p = 5 (mod 8) 


Proof. According to Gauss’s lemma, (2/ p) = (—1)", where n is the number of integers 


in the set 
ead 
ee {1-2,2-2,3-2,...,(2=*) 2} 


which, upon division by p, have remainders greater than p/2. The members of S are 
all less than p, so that it suffices to count the number that exceed p/2. For 1 <k < 
(p — 1)/2, we have 2k < p/2if and only ifk < p/4. If[] denotes the greatest integer 
function, then there are [p/4] integers in S less than p/2; hence, 


nest 


is the number of integers that are greater than p/2. 
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Now we have four possibilities, for any odd prime has one of the forms 8k + 1, 
8k + 3, 8k + 5, or 8k + 7. A simple calculation shows that 


1 
if p= 8k-+ L,then n = 4k — | 2k-+ 5] = 4k ~ 2k = 2k 
: 3 
if p= 8k-+ 3.thenn = 4k +1 |2k-+ 3] =A + 1-2 = HI 


1 
if p= Bk-+ S.thenn = 4k-+2—[2k-+14 | 
= 4k +2 — Ok 41) = 2k 
3 
if p= 8k-+7.thenn = 4k+3—[2k-+14 3] 


= 4k +3—(2k+1)=2k+2 


Thus, when p is of the form 8k + 1 or 8k +7, n is even and (2/p) = 1; on the 
other hand, when p assumes the form 8k + 3 or 8k + 5, n is odd and (2/p) = —1. 


Notice that if the prime p is of the form 8k + 1 (equivalently, p = 1 (mod 8) or 
p =7 (mod 8)), then 
p?—1_  (®k+1—-1 64k? + 16k 


——____ = 8k* + 2k 
8 8 8 


which is an even integer; in this situation, (—1)~)/8 = 1 = (2/p). On the 
other hand, if p is of the form 8k +3 (equivalently, p =3 (mod 8) or p=5 
(mod 8)), then 


p?-1 (8K+3)?—-1 64k? 448K +8 


= = 8k*+6k+1 
8 8 8 Bs 


which is odd; here, we have (—1)”’~)/8 = —1 = (2/p). These observations are 
incorporated in the statement of the following corollary to Theorem 9.6. 


Corollary. If p is an odd prime, then 
(2/p) =(-1" 8 


It is time for another look at primitive roots. As we have remarked, there is no 
general technique for obtaining a primitive root of an odd prime p; the reader might, 
however, find the next theorem useful on occasion. 


Theorem 9.7. If p and 2p + 1 are both odd primes, then the integer (—1)?~)/?2 is a 
primitive root of 2p + 1. 


Proof. For ease of discussion, let us put g = 2p + 1. We distinguish two cases: p = 
1 (mod 4) and p = 3 (mod 4). 
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If p = 1 (mod 4), then (—1)%-)/?2 = 2. Because $(q) = g — 1 = 2p, the order of 
2 modulo q is one of the numbers 1, 2, p, or 2p. Taking note of property (c) of 
Theorem 9.2, we have 


(2/q) = 29-2 = 2? (mod qg) 


But, in the present setting, gq = 3 (mod 8); whence, the Legendre symbol (2/q) = —1. 
It follows that 2? = —1 (mod gq), and therefore 2 cannot have order p modulo q. 
The order of 2 being neither 1, 2, (27 = 1 (mod q) implies that g | 3, which is an 
impossibility) nor p, we are forced to conclude that the order of 2 modulo gq is 2p. 
This makes 2 a primitive root of q. 

We now deal with the case p = 3 (mod 4). This time, (—1)?~?/22 = —2 and 


(—2)? = (—2/q) = (—1/¢)(2/q) (mod q) 


Because gq = 7 (mod 8), the corollary to Theorem 9.2 asserts that (—1/q) = —1, 
whereas once again we have (2/q) = 1. This leads to the congruence (—2)? = —1 
(mod q). From here on, the argument duplicates that of the last paragraph. Without 
analyzing further, we announce the decision: —2 is a primitive root of the prime q. 


Theorem 9.7 indicates, for example, that the primes 11, 59, 107, and 179 have 
2 as a primitive root. Likewise, the integer —2 serves as a primitive root for 7, 23, 
47, and 167. 

Before retiring from the field, we should mention another result of the same 
character: if both p and 4p + 1 are primes, then 2 is a primitive root of 4p + 1. 
Thus, to the list of prime numbers having 2 for a primitive root, we could add, say, 
13, 29, 53, and 173. 

An odd prime p such that 2p + 1 is also a prime is called a Germain prime, after 
the French number theorist Sophie Germain (1776-1831). An unresolved problem 
is to determine whether there exist infinitely many Germain primes. The largest such 
known today is p = 48047305725 - 2!77409 — 1, which has 51910 digits. 

There is an attractive proof of the infinitude of primes of the form 8k — 1 that 
can be based on Theorem 9.6. 


Theorem 9.8. There are infinitely many primes of the form 8k — 1. 


Proof. As usual, suppose that there are only a finite number of such primes. Let these 
be pi, P2,---, Pn and consider the integer 


N = (4pip2-** Pn)’ — 2 
There exists at least one odd prime divisor p of N, so that 
(4p1 p2-+* Pn)” = 2 (mod p) 


or (2/p) = 1. In view of Theorem 9.6, p = +1 (mod 8). If all the odd prime divisors 
of N were of the form 8k + 1, then N would be of the form 8a + 1; this is clearly 
impossible, because WN is of the form 16a — 2. Thus, N must have a prime divisor g of 
the form 8k — 1. But g | N, and q | (4p) p2--~ Pn)” leads to the contradiction that q | 2. 


The next result, which allows us to effect the passage from Gauss’s lemma to 
the Quadratic Reciprocity Law (Theorem 9.9), has some independent interest. 
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Lemma. If p is an odd prime and a an odd integer, with gcd(a, p) = 1, then 
(a/p) = (— =" bare 


Proof. We shall employ the same notation as in the proof of Gauss’s lemma. Consider 


the set of integers 
-—1 
S= {4205 ... (2>) qh 
2 


Divide each of these multiples of a by p to obtain 
ka=qyp tty 1<u%<p-l 


Then ka/p = qx + t;/p, so that [ka/p] = qx. Thus, for 1 < k < (p — 1)/2, we may 
write ka in the form 


ka 
ka = =| ptt (1) 
Pp 
If the remainder t, < p/2, then it is one of the integers 7), ... , 7; on the other hand, 
if % > p/2, then it is one of the integers s;,..., Sp. 
Taking the sum of the (p — 1)/2 equations in Eq. (1), we get the relation 
(p—1)/2 (p—1)/2 ka m n 
>> ka= [S]o+ ont ys (2) 
k=l k=l LP k=l k=l 


It was learned in proving Gauss’s lemma that the (p — 1)/2 numbers 


Figs PS Sixes ss5(P — Sa 
are just a rearrangement of the integers 1, 2, ..., (p — 1)/2. Hence 
(p—1)/2 m n m n 
2. k=) orn+ > (p— sk) = pnt don— >> % (3) 
k=1 k=1 k=1 k=1 k=1 


Subtracting Eq. (3) from Eq. (2) gives 
(p=))/2 (p=1)/2 ka n 
a-1) )) k=p{ >> Fabe +2) % (4) 
k=l k=1 LP k=l 


Let us use the fact that p = a = 1 (mod 2) and translate this last equation into a 
congruence modulo 2: 


(p—1)/2 (p—1)/2 ke 
Oe cat ys [*]-») (mod 2) 
Pp 


or 


(p—1)/2 
k 
ie =| (mod 2) 
pot. LP 


The rest follows from Gauss’s lemma; for, 
(a/p) = (—1)" = (- 1p teal 


as we wished to show. 
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For an example of this last result, again consider p = 13 and a = 5. Because 


(p — 1)/2 = 6, it is necessary to calculate [ka/p] fork = 1,...,6: 


[5/13] = [10/13] =0 
[15/13] = [20/13] = [25/13] 
[30/13] =2 


II 
— 


By the lemma just proven, we have 


(5/13) = Gp = Gly = 2 


confirming what was earlier seen. 


PROBLEMS 9.2 


1. 


Find the value of the following Legendre symbols: 
(a) (19/23). 

(b) (—23/59). 

(c) (20/31). 

(d) (18/43). 

(e) (—72/131). 


. Use Gauss’s lemma to compute each of the Legendre symbols below (that is, in each 


case obtain the integer n for which (a/p) = (—1)"): 
(a) (8/11). 

(b) (7/13). 

(c) (5/19). 

(d) (11/23). 

(e) (6/31). 


. For an odd prime p, prove that there are (p — 1)/2 — @(p — 1) quadratic nonresidues of 


p that are not primitive roots of p. 


. (a) Let p be an odd prime. Show that the Diophantine equation 


x? + py+a=0 gcd(a, p) = 1 


has an integral solution if and only if (—a/p) = 1. 
(b) Determine whether x* + 7y — 2 = Ohas a solution in the integers. 


. Prove that 2 is not a primitive root of any prime of the form p = 3 - 2” + 1, except when 


p= 13. 
[Hint: Use Theorem 9.6. ] 


. (a) If p is an odd prime and gcd(ab, p) = 1, prove that at least one of a, b, or ab is a 


quadratic residue of p. 
(b) Given a prime p, show that, for some choice of n > 0, p divides 


(n? — 2)(n? — 3)(n? — 6) 


. If p is an odd prime, show that 


p-2 
Y@@+1)/p)=-1 
a=1 


[Hint: If a’ is defined by aa’ = 1 (mod p), then (a(a + 1)/p) = (1 +.’)/p). Note that 
1 + a’ runs through a complete set of residues modulo p, except for the integer 1.] 


10. 


11. 


12. 


13. 


14. 


15. 


16. 


17. 
18. 
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- Prove the statements below: 


(a) If p and g = 2p + 1 are both odd primes, then —4 is a primitive root of q. 
(b) If p = 1 (mod 4) 1s a prime, then —4 and (p — 1)/4 are both quadratic residues of p. 


. For a prime p = 7 (mod 8), show that p |2-)/? — 1. 


[Hint: Use Theorem 9.6.] 

Use Problem 9 to confirm that the numbers 2” — 1 are composite for n = 11, 23, 83, 

131,179, 183, 239, 251. 

Given that p and g = 4p + 1 are both primes, prove the following: 

(a) Any quadratic nonresidue of g is either a primitive root of g or has order 4 modulo q. 
[Hint: If a is a quadratic nonresidue of g, then —1 = (a/q) = a”? (mod q); hence, 
a has order 1, 2, 4, p, 2p, or 4p modulo q.] 

(b) The integer 2 is a primitive root of q; in particular, 2 is a primitive root of the primes 
13, 29, 53, and 173. 

If 7 is a primitive root of the odd prime p, prove that the product of the quadratic residues 

of p is congruent modulo p to r?’~)/4 and the product of the nonresidues of p is 

congruent modulo p to r'?—)"/4, 

[Hint: Apply the corollary to Theorem 9.4.] 

Establish that the product of the quadratic residues of the odd prime p is congruent 

modulo p to 1 or —1 according as p = 3 (mod 4) or p = 1 (mod 4). 

[Hint: Use Problem 12 and the fact that r’?~)/? = —1 (mod p). Or, Problem 3(a) of 

Section 9.1 and the proof of Theorem 5.5.] 

(a) If the prime p > 3, show that p divides the sum of its quadratic residues. 

(b) If the prime p > 5, show that p divides the sum of the squares of its quadratic 
nonresidues. 

Prove that for any prime p > 5 there exist integers 1 < a, b < p — 1 for which 


(a/p)=(@t+1/p)=1 and (b/p)=6+1/p)=-1 


that is, there are consecutive quadratic residues of p and consecutive nonresidues. 

(a) Let p be an odd prime and gcd(a, p) = gcd(k, p) = 1. Show that if the equation 
x? — ay” = kp admits a solution, then (a/p) = 1; for example, (2/7) = 1, because 
6*— 2-2? =4.7. 

[Hint: If xo, yo satisfy the given equation, then (xoyg ~2y2 =a (mod p).] 

(b) By considering the equation x* + 5y? = 7, demonstrate that the converse of the result 
in part (a) need not hold. 

(c) Show that, for any prime p = +3 (mod 8), the equation x? — 2y? = phasno solution. 

Prove that the odd prime divisors p of the integers 9” + 1 are of the form p = 1 (mod 4). 

For a prime p = 1 (mod 4), verify that the sum of the quadratic residues of p is equal to 

p(p — 1)/4. 

[Hint: If a,, ... , a, are the quadraticresidues of p less than p/2, then p — a, ..., Dp — @; 

are those greater than p/2.] 


9.3 QUADRATIC RECIPROCITY 


Let p and q be distinct odd primes, so that both of the Legendre symbols (p/q) 
and (q/p) are defined. It is natural to enquire whether the value of (p/q) can be 
determined if that of (g / p) is known. To put the question more generally, is there any 
connection at all between the values of these two symbols? The basic relationship was 
conjectured experimentally by Euler in 1783 and imperfectly proved by Legendre 
two years thereafter. Using his symbol, Legendre stated this relationship in the 
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elegant form that has since become known as the Quadratic Reciprocity Law: 


(p/q\q/p) = (-1) = 


Legendre went amiss in assuming a result that is as difficult to prove as the law 
itself, namely, that for any odd prime p = 1 (mod 8), there exists another prime 
q = 3 (mod 4) for which p is a quadratic residue. Undaunted, he attempted another 
proof in his Essai sur la Théorie des Nombres (1798); this one also contained a 
gap, because Legendre took for granted that there are an infinite number of primes 
in certain arithmetical progressions (a fact eventually proved by Dirichlet in 1837, 
using in the process very subtle arguments from complex variable theory). 

At the age of 18, Gauss (in 1795), apparently unaware of the work of either 
Euler or Legendre, rediscovered this reciprocity law and, after a year’s unremit- 
ting labor, obtained the first complete proof. “It tortured me,” says Gauss, “for the 
whole year and eluded my most strenuous efforts before, finally, I got the proof 
explained in the fourth section of the Disquisitiones Arithmeticae.” In the Disqui- 
sitiones Arithmeticae—which was published in 1801, although finished in 1798— 
Gauss attributed the Quadratic Reciprocity Law to himself, taking the view that a 
theorem belongs to the one who gives the first rigorous demonstration. The indig- 
nant Legendre was led to complain: “This excessive impudence is unbelievable in 
a man who has sufficient personal merit not to have the need of appropriating the 
discoveries of others.” All discussion of priority between the two was futile; because 
each clung to the correctness of his position, neither took heed of the other. Gauss 
went on to publish five different demonstrations of what he called “the gem of higher 
arithmetic,” and another was found among his papers. The version presented below, a 
variant of one of Gauss’s own arguments, is due to his student, Ferdinand Eisenstein 
(1823-1852). The proof is challenging (and it would perhaps be unreasonable to 
expect an easy proof), but the underlying idea is simple enough. 


Theorem 9.9 Quadratic Reciprocity Law. If p and q are distinct odd primes, then 
-1 q-1 
(p/q)(q/p) = (-1)? = 


Proof. Consider the rectangle in the xy coordinate plane whose vertices are (0, 0), 
(p/2, 0), (0, g/2), and (p/2, q/2). Let R denote the region within this rectangle, not 
including any of the bounding lines. The general plan of attack is to count the number 
of lattice points (that is, the points whose coordinates are integers) inside R in two 
different ways. Because p and q are both odd, the lattice points in R consist of all 
points (n, m), where 1 < n < (p — 1)/2 and 1 < m < (q — 1)/2; clearly, the number 
of such points is 


Now the diagonal D from (0, 0) to (p/2, q/2) has the equation y = (q/p)x, or 
equivalently, py = qx. Because gcd(p, g) = 1, none of the lattice points inside R will 
lie on D. For p must divide the x coordinate of any lattice point on the line py = qx, and 
q must divide its y coordinate; there are no such points in R. Suppose that 7, denotes 
the portion of R that is below the diagonal D, and 7, the portion above. By what we 
have just seen, it suffices to count the lattice points inside each of these triangles. 
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The number of integers in the interval 0 < y < kq/p is equal to [kq/p]. Thus, 
for 1 <k < (p — 1)/2, there are precisely [kq/p] lattice points in 7; directly above 
the point (k, 0) and below D; in other words, lying on the vertical line segment from 
(k, 0) to (k, kq/p). It follows that the total number of lattice points contained in T; is 


ye E 
feat LP 


0, q/2 

O.4/2) (p/2, q/2) 
O./) 

(0,0) (0) (7/2, 0) 


A similar calculation, with the roles of p and q interchanged, shows that the number 


of lattice points within 7> is 
=1)/2'--s 
> ip 
ja 


This accounts for all of the lattice points inside R, so that 


—1)/2 -1)/2r. 
pol @=1 oe []+°0 iz] 
See 4 jot i @ 


The time has come for Gauss’s lemma to do its duty: 
(p/a)(q/p) = (EAP Ue ra). 1 Eka 
= (=) ipsa Dy ea 


p-|q-l 


The proof of the Quadratic Reciprocity Law is now complete. 
An immediate consequence of this is Corollary 1. 


Corollary 1. If p and q are distinct odd primes, then 
1 if p =1 (mod 4) org = 1 (mod 4) 


(p/q)(q/p) = ie if p = q =3 (mod 4) 
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Proof. The number (p — 1)/2-(g — 1)/2 is even if and only if at least one of the 
integers p and q is of the form 4k + 1; if both are of the form 4k + 3, then the product 
(p — 1)/2- (g — 1)/2 is odd. 


Multiplying each side of the equation of the Quadratic Reciprocity Law by (q/p) 
and using the fact that (q/p)? = 1, we could also formulate this as Corollary 2. 


Corollary 2. If p and q are distinct odd primes, then 
(q/p) if p= 1 (mod 4) org = 1 (mod 4) 


Let us see what this last series of results accomplishes. Take p to be an odd 
prime and a # +1 to be an integer not divisible by p. Suppose further that a has the 
factorization 


P= 2p py ok pe 
where the p; are distinct odd primes. Because the Legendre symbol is multiplicative, 


(a/p) = (+1/p)(2/p)(pi/ p)" «+ (pr/ py” 


To evaluate (a/p), we have only to calculate each of the symbols (—1/p), (2/p), 
and (p;/p). The values of (—1/p) and (2/p) were discussed earlier, so that the one 
stumbling block is (p;/p), where p; and p are distinct odd primes; this is where the 
Quadratic Reciprocity Law enters. For Corollary 2 allows us to replace (p;/p) by a 
new Legendre symbol having a smaller denominator. Through continued inversion 
and division, the computation can be reduced to that of the known quantities 


(-l/q) (Q/q)  (@/q) 

This is all somewhat vague, of course, so let us look at a concrete example. 
Example 9.5. Consider the Legendre symbol (29/53). Because both 29 = 1 (mod 4) 
and 53 = 1 (mod 4), we see that 

(29/53) = (53/29) = (24/29) = (2/29)(3/29)(4/29) = (2/29)(3/29) 
With reference to Theorem 9.6, (2/29) = —1, while inverting again, 
(3/29) = (29/3) = (2/3) = -1 
where we used the congruence 29 = 2 (mod 3). The net effect is that 
(29/53) = (2/29)(3/29) = (-1)(-1) = 1 
The Quadratic Reciprocity Law provides a very satisfactory answer to the prob- 


lem of finding odd primes p ¥ 3 for which 3 is a quadratic residue. Because 3 = 3 
(mod 4), Corollary 2 of Theorem 9.9 implies that 


(p/3) if p = 1 (mod 4) 


3 = 
S/P) pee if p = 3 (mod 4) 
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Now p = 1 (mod 3) or p = 2 (mod 3). By Theorems 9.2 and 9.6, 
1 if p =1 (mod 3) 
—1 if p =2 (mod 3) 
the implication of which is that (3/p) = 1 if and only if 
Pp = 1 (mod 4) and Pp =1 (mod 3) 


(p/3) = 


or 


Pp =3 (mod 4) and p =2 (mod 3) 
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(1) 


(2) 


The restrictions in the congruencies in Eq. (1) are equivalent to requiring that p = 
1 (mod 12) whereas those congruencies in Eq. (2) are equivalent to p = 11 =—1 


(mod 12). The upshot of all this is Theorem 9.10. 


Theorem 9.10. If p 4 3 is an odd prime, then 
1 if p= +1 (mod 12) 


(3/p) = bs if p = +5 (mod 12) 


Example 9.6. For an example of the solution of a quadratic congruence with a com- 
posite modulus, consider 


x* = 196 (mod 1357) 
Because 1357 = 23 - 59, the given congruence is solvable if and only if both 
x* = 196(mod23) and  x* = 196 (mod 59) 


are solvable. Our procedure is to find the values of the Legendre symbols (196/23) and 
(196/59). 
The evaluation of (196/23) requires the use of Theorem 9.10: 


(196/23) = (12/23) = G/23) = 1 
Thus, the congruence x* = 196 (mod 23) admits a solution. As regards the symbol 
(196/59), the Quadratic Reciprocity Law enables us to write 
(196/59) = (19/59) = —(59/19) = —(2/19) = —(-1) = 1 


Therefore, it is possible to solve x? = 196 (mod 59) and, in consequence, the congru- 
ence x” = 196 (mod 1357) as well. 

To arrive at a solution, notice that the congruence x* = 196 = 12 (mod 23) is 
satisfied by x = 9, 14 (mod 23), and x* = 196 = 19 (mod 59) has solutions x = 14, 45 
(mod 59). We may now use the Chinese Remainder Theorem to obtain the simultaneous 
solutions of the four systems: 

x = 14 (mod 23) and x = 14 (mod 59) 

x = 14 (mod 23) and x = 45 (mod 59) 

x = 9 (mod 23) and x = 14 (mod 59) 

x = 9 (mod 23) and x = 45 (mod 59) 
The resulting values x = 14, 635, 722, 1343 (mod 1357) are the desired solutions of 
the original congruence x* = 196 (mod 1357). 
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Example 9.7. Let us turn to a quite different application of these ideas. At an earlier 
stage, it was observed that if F, = 2" +1,n>1,isa prime, then 2 is not a primitive 
root of F,,. We now possess the means to show that the integer 3 serves as a primitive 
root of any prime of this type. 

As a first step in this direction, note that any F,, is of the form 12k + 5. A sim- 
ple induction argument confirms that 4” = 4 (mod 12) for m = 1,2,...; hence, we 
must have 


F,=2" +1=27"41=4" +1 =5 (mod 12) 
If F,, happens to be prime, then Theorem 9.10 permits the conclusion 
(3/F,) = —-1 
or, using Euler’s criterion, 
3(Fn—-D/2 = _1 (mod Fy) 
Switching to the phi-function, the last congruence says that 
30(n)/2 = _] (mod F,) 


From this, it may be inferred that 3 has order @(F,,) modulo F,, and therefore 3 is a 
primitive root of F,,. For if the order of 3 were a proper divisor of 


OF.) = Fy -1=2" 
then it would also divide @(F,,)/2, leading to the contradiction 
30/2 = 1 (mod Fy) 


PROBLEMS 9.3 


1. 


Evaluate the following Legendre symbols: 
(a) (71/73). 

(b) (—219/383). 

(c) (461/773). 

(d) (1234/4567). 

(e) (3658/12703). 

[Hint: 3658 = 2-31 -59.] 


. Prove that 3 is a quadratic nonresidue of all primes of the form 27” + 1 and also all 


primes of the form 2? — 1 where p is an odd prime. 
[Hint: For all n, 4” = 4 (mod 12).] 


. Determine whether the following quadratic congruences are solvable: 


(a) x? = 219 (mod 419). 
(b) 3x? + 6x + 5 = 0 (mod 89). 
(c) 2x2 +5x —9 =0 (mod 101). 


. Verify that if p is an odd prime, then 


1 if p=1(mod8) or p=3 (mod 8) 


27py= {| ifp =5(mod8) or p=7 (mod 8) 


- (a) Prove that if p > 3 is an odd prime, then 


1 if p =1(mod6) 


(—3/p) = fe if p = 5 (mod 6) 


10. 


11. 


12. 


13. 


14. 


15. 


16. 
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(b) Using part (a), show that there are infinitely many primes of the form 6k + 1. 
[Hint: Assume that pj, p2,..., p, are all the primes of the form 6k + 1 and consider 
the integer N = (2p) po: -- p,)* +3.] 


. Use Theorem 9.2 and Problems 4 and 5 to determine which primes can divide integers 


of the forms n? + 1, n? + 2, orn” + 3 for some value of n. 


. Prove that there exist infinitely many primes of the form 8k + 3. 


[Hint: Assume that there are only finitely many primes of the form 8k + 3, say pu, 
P2, +++, Pr, and consider the integer N = (pi p2--- p,)* + 2.] 


. Finda prime number p that is simultaneously expressible in the forms x* + y”,u? + 2v?, 


and r2 + 3s”. 
[Hint: (—1/p) = (—2/p) = (—3/p) = 1.] 


. If p and q are odd primes satisfying p = q + 4a for some a, establish that 


(a/p) = (a/q) 


and, in particular, that (6/37) = (6/13). 

[Hint: Note that (a/p) = (—q/p) and use the Quadratic Reciprocity Law. ] 

Establish each of the following assertions: 

(a) (5/p) = 1 if and only if p = 1, 9, 11, or 19 (mod 20). 

(b) (6/p) = 1 if and only if p = 1,5, 19, or 23 (mod 24). 

(c) (7/p) = 1 if and only if p = 1, 3, 9, 19, 25, or 27 (mod 28). 

Prove that there are infinitely many primes of the form 5k — 1. 

[Hint: For any n > 1, the integer 5(n!)* — 1 has a prime divisor p > n that is not of the 

form 5k + 1; hence, (5/p) = 1.] 

Verify the following: 

(a) The prime divisors p ¥ 3 of the integer n? — n + 1 are of the form 6k + 1. 
[Hint: If p|n? —n +1, then (2n — 1)? = —3 (mod p).] 

(b) The prime divisors p #5 of the integer n? +n — 1 are of the form 10k +1 or 
10k + 9. 

(c) The prime divisors p of the integer 2n(n + 1) + 1 are of the form p = 1 (mod 4). 
[Hint: If p | 2n(n + 1) + 1, then (2n + 1)* = —1 (mod p).] 

(d) The prime divisors p of the integer 3n(n + 1) + 1 are of the form p = 1 (mod 6). 

(a) Show that if p is a prime divisor of 839 = 387 — 5 - 117, then (5/p) = 1. Use this 
fact to conclude that 839 is a prime number. 
[Hint: It suffices to consider those primes p < 29.] 

(b) Prove that both 397 = 207 — 3 and 733 = 29 — 3 - 6? are primes. 

Solve the quadratic congruence x? = 11 (mod 35). 

[Hint: After solving x* = 11 (mod 5) and x” = 11 (mod 7), use the Chinese Remainder 

Theorem. | 

Establish that 7 is a primitive root of any prime of the form p = 2" + 1. 

[Hint: Because p = 3 or 5 (mod 7), (7/p) = (p/7) = -1.] 

Let a and b > 1 be relatively prime integers, with b odd. If b = p; p2--- p; is the de- 

composition of b into odd primes (not necessarily distinct) then the Jacobi symbol (a/b) 

is defined by 


(a/b) = (a/pi)(a/p2)---(a4/Pr) 


where the symbols on the right-hand side of the equality sign are Legendre symbols. 
Evaluate the Jacobi symbols 


(21/221) (215/253) (631/1099) 
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Under the hypothesis of the previous problem, show that if a is a quadratic residue of b, 
then (a/b) = 1; but, the converse is false. 
Prove that the following properties of the Jacobi symbol hold: If b and Db’ are positive 
odd integers and gcd(aa’, bb’) = 1, then 
(a) a =a’ (mod D) implies that (a/b) = (a’/b). 
(b) (aa’/b) = (a/b)(a'/b). 
(c) (a/bb’) = (a/b)(a/b’). 
(d) (a*/b) = a/b’) = 1. 
(e) (1/b) = 1. 
Oieib).= (ye. 
[Hint: Whenever u and v are odd integers, (vu — 1)/2 + (v — 1)/2 = (wv — 1)/2 
(mod 2).] 
(g) (2/b) = (-DO-Y, 
[Hint: Whenever u and v are odd integers, (u2 — 1)/8 + (v? — 1)/8 = [(uvy* — 1]/8 
(mod 2).] 
Derive the Generalized Quadratic Reciprocity Law: Ifa and b are relatively prime positive 
odd integers, each greater than 1, then 


a-1 b-1 
2 


(a/b)(b/a) = (-1) 7 


[Hint: See the hint in Problem 18(f).] 
Using the Generalized Quadratic Reciprocity Law, determine whether the congruence 
x* = 231 (mod 1105) is solvable. 


QUADRATIC CONGRUENCES WITH COMPOSITE MODULI 


So far in the proceedings, quadratic congruences with (odd) prime moduli have been 
of paramount importance. The remaining theorems broaden the horizon by allowing 
a composite modulus. To start, let us consider the situation where the modulus is a 
power of a prime. 


Theorem 9.11. If p is an odd prime and gcd(a, p) = 1, then the congruence 
x*=a(modp") n>1 


has a solution if and only if (a/p) = 1. 


Proof. As is common with many “if and only if” theorems, half of the proof is trivial 
whereas the other half requires considerable effort: If x? = a (mod p”) has a solution, 
then so does x? = a (mod p)—in fact, the same solution—whence (a/p) = 1. 

For the converse, suppose that (a/p) = 1. We argue that x* =a (mod p”) is 
solvable by inducting onn. Ifn = 1, there is really nothing to prove; indeed, (a/p) = 1 
is just another way of saying that x = a (mod p) can be solved. Assume that the result 
holds for n = k > 1, so that x = a (mod p*) admits a solution xp. Then 


x6 =a+bp* 


for an appropriate choice of b. In passing from k to k + 1, we shall use xo and b to 
write down explicitly a solution to the congruence x? = a (mod p**'). 
Toward this end, we first solve the linear congruence 


2x9y = —b (mod p) 
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obtaining a unique solution yo modulo p (this is possible because gcd(2xo, p) = 1). 
Next, consider the integer 


x; =x0 + yop* 
Upon squaring this integer, we get 
(xo + yop*)” = x§ + 2xoyop* + yo p™ 
= a+ (b+ 2xoyo)p* + y6p* 
But p | (b + 2xoyo), from which it follows that 


x? = (xo + yop*)* = a (mod p**') 


Thus, the congruence x” = a (mod p”) has a solution forn = k + 1 and, by induction, 


for all positive integers n. 
Let us run through a specific example in detail. The first step in obtaining a 
solution of, say, the quadratic congruence 
x? = 23 (mod 7’) 
is to solve x* = 23 (mod 7), or what amounts to the same thing, the congruence 
x* = 2 (mod 7) 


Because (2/7) = 1, a solution surely exists; in fact, x9 = 3 is an obvious choice. 


Now Ke can be represented as 


3? = 9 = 23+ (-2)7 


so that b = —2 (in our special case, the integer 23 plays the role of a). Following 
the proof of Theorem 9.11, we next determine y so that 


6y = 2 (mod 7) 
that is, 3y = 1 (mod 7). This linear congruence is satisfied by yp = 5. Hence, 
xo +7y9 = 34+7-5= 38 


serves as a solution to the original congruence x” = 23 (mod 49). It should be noted 
that —38 = 11 mod (49) is the only other solution. 
If, instead, the congruence 


x? = 23 (mod 7°) 
were proposed for solution, we would start with 

x? = 23 (mod 7”) 
obtaining a solution x9 = 38. Because 

38° = 23+ 29-7 


the integer b = 29. We would then find the unique solution yo = 1 of the linear 
congruence 


76y = —29 (mod 7) 
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Then x? = 23 (mod 7°) is satisfied by 
xo t+ yo: 77 = 38+1-49 = 87 


as well as —87 = 256 (mod 7°). 
Having dwelt at length on odd primes, let us now take up the case p = 2. The 
next theorem supplies the pertinent information. 


Theorem 9.12. Let a be an odd integer. Then we have the following: 


(a) x* = a (mod 2) always has a solution. 
(b) x? =a (mod 4) has a solution if and only if a = 1 (mod 4). 
(c) x* = a (mod 2"), for n > 3, has a solution if and only if a = 1 (mod 8). 


Proof. The first assertion is obvious. The second depends on the observation that the 
square of any odd integer is congruent to 1 modulo 4. Consequently, x? = a (mod 4) 
can be solved only when a is of the form 4k + 1; in this event, there are two solutions 
modulo 4, namely, x = 1 andx = 3. 

Now consider the case in which n > 3. Because the square of any odd integer 
is congruent to 1 modulo 8, we see that for the congruence x* = a (mod 2”) to be 
solvable a must be of the form 8k + 1. To go the other way, let us suppose that a = 
1 (mod 8) and proceed by induction on the exponent n. When n = 3, the congruence 
x°- =a (mod 2”) is certainly solvable; indeed, each of the integers 1, 3, 5, 7 satisfies 
x7 =1 (mod 8). Fix a value of n > 3 and assume, for the induction hypothesis, that 
the congruence x* = a (mod 2") admits a solution xo. Then there exists an integer b 
for which 


xe =a+b2" 


Because a is odd, so is the integer xg. It is therefore possible to find a unique solution 
yo of the linear congruence 


xoy = —b (mod 2) 
We argue that the integer 
x1 = x9 + yo2""! 
satisfies the congruence x? = a (mod 2”*'), Squaring yields 
(xo + yo2"" 1)? = x5 + xoyo2" + yg"? 
=a+t(b+ xoyo)2” + yg2"? 
By the way yo was chosen, 2 | (b + xo yo); hence, 
x? = (xo + yo2”"!? = a (mod 2”*") 
(we also use the fact that 2n —2 =n+1+(n—3) >n +1). Thus, the congruence 


x? = a (mod 2"*') is solvable, completing the induction step and the proof. 


To illustrate: The quadratic congruence x? = 5 (mod 4) has a solution, but 
x* = 5 (mod 8) does not; on the other hand, both x? = 17 (mod 16) and x? = 17 
(mod 32) are solvable. 
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In theory, we can now completely settle the question of when there exists an 
integer x such that 


x* =a (mod n) gcd(a,n) = 1 n>l 


For suppose that 1 has the prime-power decomposition 
n = 2" pip... pk ky > 0,k; > 0 


where the p; are distinct odd primes. Since the problem of solving the quadratic 


congruence x” = a (mod n) is equivalent to that of solving the system of congruences 


x* =a (mod 2) 


x* =a (mod pi) 


x? =a (mod p*) 


our last two results may be combined to give the following general conclusion. 


Theorem 9.13. Let n = 2 pi! -.- p* be the prime factorization of n > 1 and let 
gcd(a, n) = 1. Then x? = a (mod n) is solvable if and only if 


(a) (a/p;) = 1 fori = 1,2,...,7r; 
(b) a = 1 (mod 4) if 4|n, but 8 J n; a = 1 (mod 8) if 8 | 7. 


PROBLEMS 9.4 


1. (a) Show that 7 and 18 are the only incongruent solutions of x* = —1 (mod 5”). 
(b) Use part (a) to find the solutions of x* = —1 (mod 53). 
2. Solve each of the following quadratic congruences: 
(a) x* = 7 (mod 33). 
(b) x* = 14 (mod 5°). 
(c) x? = 2 (mod 7°). 
3. Solve the congruence x” = 31 (mod 11%). 
. Find the solutions of x? + 5x + 6 = 0 (mod 5%) and x* + x + 3 = 0 (mod 3°). 
. Prove that if the congruence x* = a (mod 2”), where a is odd and n > 3, has a solution, 
then it has exactly four incongruent solutions. 
[Hint: If xo is any solution, then the four integers x9, —xo, xo + 2”-!, —xo +2"! are 
incongruent modulo 2” and comprise all the solutions.] 
6. From 23? = 17 (mod 2’), find three other solutions of the quadratic congruence x* = 17 
(mod 2’). 
7. First determine the values of a for which the congruences below are solvable and then 
find the solutions of these congruences: 
(a) x? =a (mod 2%). 
(b) x? =a (mod 2°). 
(c) x? =a (mod 2°). 
8. For fixed n > 1, show that all solvable congruences x? = a(modn) with gcd(a,n) = 1 
have the same number of solutions. 


a > 
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9. (a) Without actually finding them, determine the number of solutions of the congruences 
x* = 3 (mod 11? - 23) and x? = 9 (mod 23 -3 - 5’). 
(b) Solve the congruence x” = 9 (mod 23 - 3 - 52). 
10. (a) For an odd prime p, prove that the congruence 2x? + 1 = 0 (mod p) has a solution 
if and only if p = 1 or 3 (mod 8). 
(b) Solve the congruence 2x? +1 =0(mod 11”). 
[Hint: Consider integers of the form x9 + 11k, where xp is a solution of Dh aes 
0 (mod 11).] 


CHAPTER 
INTRODUCTION TO CRYPTOGRAPHY 


I am fairly familiar with all forms of secret writings and am myself the 
author of a trifling manuscript on the subject. 
SiR ARTHUR CONAN DOYLE 


10.1 FROM CAESAR CIPHER TO PUBLIC KEY CRYPTOGRAPHY 


Classically, the making and breaking of secret codes has usually been confined to 
diplomatic and military practices. With the growing quantity of digital data stored 
and communicated by electronic data-processing systems, organizations in both the 
public and commercial sectors have felt the need to protect information from un- 
wanted intrusion. Indeed, the widespread use of electronic funds transfers has made 
privacy a pressing concern in most financial transactions. There thus has been a 
recent surge of interest by mathematicians and computer scientists in cryptogra- 
phy (from the Greek kryptos meaning hidden and graphein meaning to write), the 
science of making communications unintelligible to all except authorized parties. 
Cryptography is the only known practical means for protecting information transmit- 
ted through public communications networks, such as those using telephone lines, 
microwaves, or satellites. 

In the language of cryptography, where codes are called ciphers, the information 
to be concealed is called plaintext. After transformation to a secret form, a message 
is called ciphertext. The process of converting from plaintext to ciphertext is said 
to be encrypting (or enciphering), whereas the reverse process of changing from 
ciphertext back to plaintext is called decrypting (or deciphering). 
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One of the earliest cryptographic systems was used by the great Roman emperor 
Julius Caesar around 50 B.c. Caesar wrote to Marcus Cicero using a rudimentary 
substitution cipher in which each letter of the alphabet is replaced by the letter that 
occurs three places down the alphabet, with the last three letters cycled back to the 
first three letters. If we write the ciphertext equivalent underneath the plaintext letter, 
the substitution alphabet for the Caesar cipher is given by 


Plaintext ABCDEFGHIJKLMNOPQRSTUVWXYZ 
Ciphertext: DEFGHIJKLMNOPQRSTUVWXYZABC 
For example, the plaintext message 
CAESAR WAS GREAT 
is transformed into the ciphertext 
FDHVDU ZDV JUHDW 


The Caesar cipher can be described easily using congruence theory. Any plaintext 
is first expressed numerically by translating the characters of the text into digits by 
means of some correspondence such as the following: 


A By GC. (Do > ERE. Fo GH Tt oo) K th. Ml 
00 01 02 03 04 05 06 O7 O08 O09 10 11 12 


Ne Os 2 Pe FOURS gS< eis Ub ow SW ee CZ 
oy 4s Nae 1G) Arie Te 18 20 2 322 230 2425 


If P is the digital equivalent of a plaintext letter and C is the digital equivalent of 
the corresponding ciphertext letter, then 


C = P +3 (mod 26) 


Thus, for instance, the letters of the message in Eq. (1) are converted to their equiv- 
alents: 


02 00 04 18 00 17 22 00 18 06 17 04 00 19 
Using the congruence C = P + 3 (mod 26), this becomes the ciphertext 
OS: 03. OF. 21°03) 20. 25 03: -21) 09° 20:07. 03. 22 
To recover the plaintext, the procedure is simply reversed by means of the congruence 
P=C-—3=C +23 (mod 26) 


The Caesar cipher is very simple and, hence, extremely insecure. Caesar himself 
soon abandoned this scheme—not only because of its insecurity, but also because 
he did not trust Cicero, with whom he necessarily shared the secret of the cipher. 

An encryption scheme in which each letter of the original message is replaced 
by the same cipher substitute is known as a monoalphabetic cipher. Such crypto- 
graphic systems are extremely vulnerable to statistical methods of attack because 
they preserve the frequency, or relative commonness, of individual letters. In a 
polyalphabetic cipher, a plaintext letter has more than one ciphertext equivalent: the 
letter E, for instance, might be represented by J, Q, or X, depending on where it 
occurs in the message. 
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General fascination with cryptography had its initial impetus with the short 
story The Gold Bug, published in 1843 by the American writer Edgar Allan Poe. 
It is a fictional tale of the use of a table of letter frequencies to decipher directions 
for finding Captain Kidd’s buried treasure. Poe fancied himself a cryptologist far 
beyond the ordinary. Writing for Alexander’s Weekly, a Philadelphia newspaper, he 
once issued a claim that he could solve “forthwith” any monoalphabetic substitution 
cipher sent in by readers. The challenge was taken up by one G. W. Kulp, who 
submitted a 43-word ciphertext in longhand. Poe showed in a subsequent column 
that the entry was not genuine, but rather a “jargon of random characters having no 
meaning whatsoever.” When Kulp’s cipher submission was finally decoded in 1975, 
the reason for the difficulty became clear; the submission contained a major error on 
Kulp’s part, along with 15 minor errors, which were most likely printer’s mistakes 
in reading Kulp’s longhand. 

The most famous example of a polyalphabetic cipher was published by the 
French cryptographer Blaise de Vigenére (1523-1596) in his Traicté de Chiffres 
of 1586. To implement this system, the communicating parties agree on an easily 
remembered word or phrase. With the standard alphabet numbered from A = 00 to 
Z = 25, the digital equivalent of the keyword is repeated as many times as nec- 
essary beneath that of the plaintext message. The message is then enciphered by 
adding, modulo 26, each plaintext number to the one immediately beneath it. The 
process may be illustrated with the keyword READY, whose numerical version 
is 17 04 00 03 24. Repetitions of this sequence are arranged below the numerical 
plaintext of the message 


ATTACK AT ONCE 
to produce the array 


00 19 19 00 02 10 00 19 14 13 Q2 04 
17 04 00 03 24 17 04 00 03 24 17 04 


When the columns are added modulo 26, the plaintext message is encrypted as 
17 23 19 03 OO O1 04 19 1 oe Bs a Sie 8 
or, converted to letters, 
RXTDAB ET RLITI 


Notice that a given letter of plaintext is represented by different letters in ciphertext. 
The double T in the word ATTACK no longer appears as a double letter when 
ciphered, while the ciphertext letter R first corresponds to A and then to O in the 
original message. 

In general, any sequence of n letters with numerical equivalents b;, bz, ..., Dy 
(00 < b; < 25) will serve as the keyword. The plaintext message is expressed as 
successive blocks P; P2--- P, of n two-digit integers P;, and then converted to 
ciphertext blocks C,;C2---C, by means of the congruences 


Decryption is carried out by using the relations 


P; = C; — b; (mod 26) l<i<=n 
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A weakness in Vigeneére’s approach is that once the length of the keyword has 
been determined, a coded message can be regarded as a number of separate mono- 
alphabetic ciphers, each subject to straightforward frequency analysis. A variant to 
the continued repetition of the keyword is what is called a running key, a random 
assignment of ciphertext letters to plaintext letters. A favorite procedure for generat- 
ing such keys is to use the text of a book, where both sender and recipient know the 
title of the book and the starting point of the appropriate lines. Because a running 
key cipher completely obscures the underlying structure of the original message, the 
system was long thought to be secure. But it does not, as Scientific American once 
claimed, produce ciphertext that is “impossible of translation.” 

A clever modification that Vigenére contrived for his polyalphabetic cipher is 
currently called the autokey (“automatic key”). This approach makes use of the 
plaintext message itself in constructing the encryption key. The idea is to start off 
the keyword with a short seed or primer (generally a single letter) followed by 
the plaintext, whose ending is truncated by the length of the seed. The autokey 
cipher enjoyed considerable popularity in the 16th and 17th centuries, since all it 
required of a legitimate pair of users was to remember the seed, which could easily be 
changed. 

Let us give a simple example of the method. 


Example 10.1. Assume that the message 
ONE IF BY DAWN 
is to be encrypted. Taking the letter K as the seed, the keyword becomes 


KONEIFB YDAW 


When both the plaintext and keyword are converted to numerical form, we obtain the 
array 


14 13 04 08 05 O01 24 03 00 22 13 
10 14 13 04 08 05 Ol 24 03 OO 22 


Adding the integers in matching positions modulo 26 yields the ciphertext 
24 01 17 12: 413 06 25 01 03 22 09 
or, changing back to letters: 
YBR MN GZ BDWJ 
Decipherment is achieved by returning to the numerical form of both the plain- 
text and its ciphertext. Suppose that the plaintext has digital equivalents P; Pp... P, 


and the ciphertext C,C ... C,. If S indicates the seed, then the first plaintext num- 
ber is 


P, = C; — S = 24-10 = 14 (mod 26) 
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Thus, the deciphering transformation becomes 
Py, = Cy — Pr_-; (mod 26),2<k<n 
This recovers, for example, the integers 
P, = 01 — 14 = —13 = 13 (mod 26) 
P; = 17-13 =4 (mod 26) 


where, to maintain the two-digit format, the 4 is written 04. 

A way to ensure greater security in alphabetic substitution ciphers was devised 
in 1929 by Lester Hill, an assistant professor of mathematics at Hunter College. 
Briefly, Hill’s approach is to divide the plaintext message into blocks of n letters 
(possibly filling out the last block by adding “dummy” letters such as X’s) and then 
to encrypt block by block using a system of n linear congruences in n variables. 
In its simplest form, when n = 2, the procedure takes two successive letters and 
transforms their numerical equivalents P,P) into a block C;C2 of ciphertext 
numbers via the pair of congruences 


C, =aP, + bP» (mod 26) 

Cy = cP; + dP> (mod 26) 
To permit decipherment, the four coefficients a, b,c,d must be selected so the 
gcd(ad — bc, 26) = 1. 


Example 10.2. To illustrate Hill’s cipher, let us use the congruences 
C, = 2P; + 3P> (mod 26) 
Cy = 5P; + 8P> (mod 26) 


to encrypt the message BUY NOW. The first block BU of two letters is numerically 
equivalent to 01 20. This is replaced by 


2(01) + 3(20) = 62 = 10 (mod 26) 
5(01) + 8(20) = 165 = 09 (mod 26) 
Continuing two letters at a time, we find that the completed ciphertext is 
10 09 09 16 16 12 


which can be expressed alphabetically as KJJ QQM. 

Decipherment requires solving the original system of congruences for P; and P 
in terms of C; and C4. It follows from the proof of Theorem 4.9 that the plaintext block 
P, P can be recovered from the ciphertext block C;Cz by means of the congruences 


Py 8C, — 3C2 (mod 26) 
Py, = —5C; + 2C> (mod 26) 
For the block 10 09 of ciphertext, we calculate 
P; 8(10) — 3(09) = 53 = 01 (mod 26) 
P» —5(10) + 2(09) = —32 = 20 (mod 26) 


which is the same as the letter-pair BU. The remaining plaintext can be restored in a 
similar manner. 
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An influential nonalphabetic cipher was devised by Gilbert S. Verman in 1917 
while he was employed by the American Telephone and Telegraph Company 
(AT&T). Verman was interested in safeguarding information sent by the newly de- 
veloped teletypewriter. At that time, wire messages were transmitted in the Baudot 
code, a code named after its French inventor J. M. E. Baudot. Baudot represented 
each letter of the alphabet by a five-element sequence of two symbols. If we take 
the two symbols to be 1 and 0, then the complete table is given by 


A = 11000 J = 11010 S = 10100 
B = 10011 K = 11110 T = 00001 
C= 01110 L = 01001 U = 11100 
D = 10010 M = 00111 V=01111 
E = 10000 N = 00110 W = 11001 
F = 10110 O = 00011 X= 10111 
G=01011 P= 01101 Y = 10101 
H = 00101 Q= 11101 Z = 10001 
I = 01100 R = 01010 


Any plaintext message such as 
ACT NOW 
would first be transformed into a sequence of binary digits: 
110000111000001001100001111001 


Verman’s innovation was to take as the encryption key an arbitrary sequence of 1’s 
and 0’s with length the same as that of the numerical plaintext. A typical key might 
appear as 


101001011100100010001111001011 


where the digits could be chosen by flipping a coin with heads as 1 and tails as 0. 
Finally, the ciphertext is formed by adding modulo 2 the digits in equivalent places 
in the two binary strings. The result in this instance becomes 


011001100100101011101111110010 


A crucial point is that the intended recipient must possess in advance the encryption 
key, for then the numerical plaintext can be reconstructed by merely adding modulo 
2 corresponding digits of the encryption key and ciphertext. 

In the early applications of Verman’s telegraph cipher, the keys were written on 
numbered sheets of paper and then bound into pads held by both correspondents. A 
sheet was torn out and destroyed after its key had been used just once. For this reason, 
the Verman enciphering procedure soon became known as the one-time system 
or one-time pad. The cryptographic strength of Verman’s method of enciphering 
resided in the possibly extreme length of the encryption key and the absence of any 
pattern within its entries. This assured security that was attractive to the military or 
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diplomatic services of many countries. In 1963, for instance, a teleprinter hot line 
was established between Washington and Moscow using a one-time tape. 

In the 1970s, cryptographic systems involving modular exponentiation (that is, 
finding the least positive residue of a*(mod n) where a, k,n are positive integers) 
became increasingly prominent. By contrast with conventional cryptosystems, such 
as Caesar’s cipher in which a message’s sender and receiver share the same secret 
code, exponential systems require two distinct keys. One key encrypts; the other 
decrypts. These asymmetric-key systems are not difficult to implement. A user who 
wishes to conceal information might begin by selecting a (large) prime p to serve 
as the enciphering modulus, and a positive integer 2 < k < p — 2, the enciphering 
exponent. Modulus and exponent, both kept secret, must satisfy gcd(k, p — 1) = 1. 

The encryption process begins with the conversion of the message to numerical 
form M by means of a “digital alphabet” in which each letter of plaintext is replaced 
by a two-digit integer. One standard procedure is to use the following assignment 


A=00 H=07 O=14 V=21 
B=01 [=08 P=15 W=22 
C=02 J=09 Q=16 X=23 
D=03 K=10 R=17 Y=24 
E=04 L=11 S=18 Z=25 
F=05 M=12 T=19 

G=06 N=13 U=20 


with 26 being used to indicate an empty space between words. In this scheme, the 
message 


THE BROWN FOX IS QUICK 


would be transformed into the numerical string 
1907242601 171422132605 1423260818261620080210 


It is assumed that the plaintext number / is less than the enciphering modulus p; 
otherwise it would be impossible to distinguish M from a larger integer congruent 
to it modulo p. When the message is too lengthy to be represented by a single 
integer M < p, then it should be partitioned into blocks of digits M,, Mo,..., M; 
in which each block has the same number of digits. (A helpful guide is that when 
2525 < p < 15500 each block should contain four digits.) It may be necessary to 
fill out the final block by appending one or more 23’s, indicating X. 

Next, the sender disguises the plaintext number M as a ciphertext number r by 
raising M to the k power and reducing the result modulo p; that is, 


M* =r (mod p) 


At the other end, the intended recipient deciphers the transmitted communication 
by first determining the integer 2 < j < p — 2, the recovery exponent, for which 


kj =1 (mod p-—- 1) 
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This can be achieved by using the Euclidean algorithm to express j as a solution x 
to the equation 


kx +(p-Dy=1 


The recipient can now retrieve M from r by calculating the value r/ (mod p). For, 
knowing that kj = 1+ (p — 1)t for some t, Fermat’s theorem will lead to 


ri = (M*y = Me 
= M(M?-')! =M.-1' (mod p) 


The numbers p and k must be kept secret from all except the recipient of the message, 
who needs them to arrive at the value j. That is, the pair (p, k) forms the sender’s 
encryption key. 


Example 10.3. Let us illustrate the cryptographic procedure with a simple example: 
say, with the message 


SEND MONEY 


We select the prime p = 2609 for the enciphering modulus and the positive integer 
k = 19 for the enciphering exponent. The letters of the message are replaced by their 
numerical equivalents, producing the plaintext number 


18041303261214130424 
This string of digits is broken into four-digit blocks: 
1804 1303 2612 1413 0424 


Successive blocks are enciphered by raising each to the 19th power and then reducing 
modulo 2609. The method of repeated squaring can be used to make the exponentiation 
process more manageable. For instance, in the case of the block 1804 


1804? = 993 (mod 2609) 
18044 = 993* = 2456 (mod 2609) 
1804® = 2456? = 2537 (mod 2609) 
1804'° = 2537? = 2575 (mod 2609) 
and so 
180419 = 1804!*7+16 = 1804 . 993 . 2575 = 457 (mod 2609) 
The entire encrypted message consists of the list of numbers 
0457 0983 1538 2041 0863 


Since gcd(19, 2608) = 1, working backward through the equations of the Euclidean 
algorithm yields 


1 = 4- 2608 + (—549)19 


But —549 = 2059 (mod 2608) so that 1 = 2059-19 (mod 2608), making 2059 the 
recovery exponent. Indeed, 457°? = 1804 (mod 2609). 
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The exponential cryptosystem just described (the so-called Pohlig-Hellman sys- 
tem) has drawbacks when employed in a communication network with many users. 
The major problem is the secure delivery of the encryption key, for the key must 
be provided in advance of a ciphertext message in order for the decryption key to 
be calculated. There is also the disadvantage of having to make frequent changes 
to the encryption key—perhaps, with each message—to avoid having some diligent 
eavesdropper become aware of it. The concept of public-key cryptography was in- 
troduced to circumvent these difficulties. It also uses two distinct keys, but there is 
no easy computation method for deriving the decryption key from the encryption 
key. Indeed, the encryption key can safely be made public; the decryption key is 
secret and is owned solely by the message’s recipient. The advantage of a public-key 
cryptosystem is clear: it is not necessary for sender and recipient to part with a key, 
or even to meet, before they communicate with one another. 

Whitfield Diffie and Martin Hellman laid out the theoretical framework of 
public-key cryptography in their landmark 1976 paper, “New Directions in Cryptog- 
raphy.” Shortly thereafter, they developed a workable scheme, one whose security 
was grounded in a celebrated computation problem known as the knapsack problem. 
The public-key system most widely used today was proposed in 1978 by Ronald 
Rivest, Adi Shamir, and Leonard Adleman and is called RSA after their initials. 
Its security rests on the assumption that, in the current state of computer technol- 
ogy, the factorization of composite numbers involving large primes is prohibitively 
time-consuming. 

To initiate communication, a typical user of the RSA system chooses distinct 
primes p and q large enough to place the factorization of their product n = pq, 
the enciphering modulus, beyond current computational capabilities. For instance, 
p and q might be picked with 200 digits each so that n would have around 400 
digits. Having obtained n, the user takes for the enciphering exponent a random 
integer 1 < k < ¢(n) with gcd(k, d(n)) = 1. The pair (n, k) is placed in a public 
file, analogous to a telephone directory, to serve as the user’s personal encryption 
key. This allows anyone else in the network to forward a ciphered message to that 
individual. Notice that while the integer n is openly revealed, the listed public key 
does not mention the two factors of n. 

A person wishing to correspond privately with the user proceeds in the manner 
indicated earlier. The literal message is first converted into a plaintext number, which 
thereafter is partitioned into suitably sized blocks of digits. The sender looks up the 
user’s encryption key (n, k) in the public directory and disguises a block M <n by 
calculating 

M=r (mod n) 
The decryption process is carried out using the Euclidean algorithm to obtain the 
integer 1 < j < d(n) satisfying kj = 1 (mod ¢(n)); j exists because of the re- 
quirement gcd(k, d(n) = 1. Euler’s generalization of Fermat’s theorem plays a crit- 
ical role in confirming that the congruence r/ = M (mod n) holds. Indeed, since 
kj = 1+ ()t for some integer /, it follows that 


ri= (M*)/ = yitem 
= M(M*™) =M-1'=M (mod n) 
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The recovery exponent j can be determined only by someone who is aware of both 
the values k and ¢(n) = (p — 1)(q — 1) and, consequently, must know the prime 
factors p and g of n. This makes j secure from some undesired third party, who 
would know only the public key (n, k). The triple (p, q, j) can be viewed as the 
user’s private key. 


Example 10.4. For an illustration of the RSA public-key algorithm, let us carry through 
an example involving primes of an unrealistically small size. Suppose that a message 
is to be sent to an individual whose listed public-key is (2701, 47). The key was arrived 
at by selecting the two primes p = 37 and gq = 73, which in turn led to the encipering 
modulus n = 37 - 73 = 2701 and ¢(n) = 36 - 72 = 2592. Because gcd(47, 2592) = 1, 
the integer k = 47 was taken as the enciphering exponent. 

The message to be encrypted and forwarded is 


NO WAY TODAY 


It is first translated into a digital equivalent using the previously indicated letter sub- 
stitutions to become 


M = 131426220024261914030024 
This plaintext number is thereafter expressed as four-digit blocks 
1314 2622 0024 2619 1403 0024 


The corresponding ciphertext numbers are obtained by raising each block to the 47 
power and reducing the results modulo 2701. In the first block, repeated squaring 
produces the value 


1314*” = 1241 (mod 2701) 
The completed encryption of the message is the list 
1241 1848 0873 1614 2081 0873 


For the deciphering operation, the recipient employs the Euclidean algo- 
rithm to obtain the equation 47 - 1103 + 2592(—20) = 1, which is equivalent to 
47-1103 = 1 (mod 2592). Hence, j = 1103 is the recovery exponent. It follows that 


12411! = 1314 (mod 2701) 


and so on. 


For the RSA cryptosystem to be secure, it must not be computationally feasible 
to recover the plaintext M from the information assumed to be known to a third 
party, namely, the listed public-key (n, k). The direct method of attack would be 
to attempt to factor n, an integer of huge magnitude, for once the factors are deter- 
mined, the recovery exponent j can be calculated from ¢(n) = (p — 1)(q — 1) and 
k. Our confidence in the RSA system rests on what is known as the work factor, the 
expected amount of computer time needed to factor the product of two large primes. 
Factoring is computationally more difficult than distinguishing between primes and 
composites. On today’s fastest computers, a 200-digit number can routinely be tested 
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for primality in less than 20 seconds, whereas the running time required to factor 
a composite number of the same size is prohibitive. It has been estimated that the 
quickest factoring algorithm known can use approximately (1.2) 10? computer op- 
erations to resolve an integer with 200 digits into its prime factors. Assuming that 
each operation takes 1 nanosecond (10~? seconds), the factorization time would 
be about (3.8)10° years. Given unlimited computing time and some unimaginably 
efficient factoring algorithm, the RSA cryptosystem could be broken, but for the 
present it appears to be quite safe. All we need do is choose larger primes p and q 
for the enciphering moduli, always staying ahead of the current state of the art in 
factoring integers. 

A greater threat is posed by the use of widely distributed networks of computers, 
working simultaneously on pieces of data necessary for a factorization and commu- 
nicating their results to a central site. This is seen in the factoring of RSA-129, one 
of the most famous problems in cryptography. 

To demonstrate that their cryptosystem could withstand any attack on its security, 
the three inventors submitted a ciphertext message to Scientific American, with an 
offer of $100 to anyone who could decode it. The message depended on a 129-digit 
enciphering modulus that was the product of two primes of approximately the same 
length. This large number acquired the name RSA-129. Taking into account the 
most powerful factoring methods and fastest computers available at the time, it 
was estimated that at least 40 quadrillion years would be required to break down 
RSA-129 and decipher the message. However, by devoting enough computing power 
to the task, the factorization was realized in 1994. A worldwide network of some 
600 volunteers participated in the project, running more than 1600 computers over 
an 8-month period. What seemed utterly beyond reach in 1977 was accomplished a 
mere 17 years later. The plaintext message is the sentence 


“The magic words are squeamish ossifrage.” 


(An ossifrage, by the way, is a kind of hawk.) 

Drawn up in 1991, the 42 numbers in the RSA Challenge List serve as something 
of a test for recent advances in factorization methods. The latest factoring success 
showed that the 193-digit number (640 binary digits) RSA-640 could be written as 
the product of two primes having 95 digits each. The Challenge became inactive in 
2007. 


PROBLEMS 10.1 


1. Encrypt the message RETURN HOME using the Caesar cipher. 
2. If the Caesar cipher produced KDSSB ELUWKGDB, what is the plaintext message? 
3. (a) A linear cipher is defined by the congruence C = aP + b (mod 26), where a and b are 
integers with gcd(a, 26) = 1. Show that the corresponding decrypting congruence is 
P =a'(C — b) (mod 26), where the integer a’ satisfies aa’ = 1 (mod 26). 
(b) Using the linear cipher C = 5P + 11 (mod 26), encrypt the message NUMBER 
THEORY IS EASY. 
(c) Decrypt the message RXQTGU HOZTKGH FJ KTMMTG, which was produced using 
the linear cipher C = 3P + 7 (mod 26). 
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4. In a lengthy ciphertext message, sent using a linear cipher C = aP + b (mod 26), the 

most frequently occurring letter is Q and the second most frequent is J. 

(a) Break the cipher by determining the values of a and b. 

[Hint: The most often used letter in English text is E, followed by T.] 

(b) Write out the plaintext for the intercepted message WCPQ JZQO MX. 

5. (a) Encipher the message HAVE A NICE TRIP using a Vigenére cipher with the keyword 
MATH. 

(b) The ciphertext BS FMX KFSGR JAPWL is known to have resulted from a Vigenére 
cipher whose keyword is YES. Obtain the deciphering congruences and read the 
message. 

6. (a) Encipher the message HAPPY DAYS ARE HERE using the autokey cipher with 
seed Q. 

(b) Decipher the message BBOT XWBZ AWUVGK, which was produced by the autokey 

cipher with seed RX. 
7. (a) Use the Hill cipher 


C, = 5P, +2P>) (mod 26) 
Co = 3P, + 4P (mod 26) 


to encipher the message GIVE THEM TIME. 
(b) The ciphertext ALXWU VADCOJO has been enciphered with the cipher 


Ci 4P,; + 11P) (mod 26) 


Cy = 3P; + 8P2 (mod 26) 


Derive the plaintext. 
8. A long string of ciphertext resulting from a Hill cipher 


C,; = aP, + bP» (mod 26) 
C2 


revealed that the most frequently occurring two-letter blocks were HO and PP, in that 

order. 

(a) Find the values of a, b, c, and d. 
[Hint: The most common two-letter blocks in the English language are TH, followed 
by HE.] 

(b) What is the plaintext for the intercepted message PPIH HOG RAPVT? 

9. Suppose that the message GO SOX is to be enciphered using Verman’s telegraph cipher. 
(a) Express the message in Baudot code. 
(b) If the enciphering key is 


cP, + dP» (mod 26) 


0111010111101010100110010 


obtain the alphabetic form of the ciphertext. 
10. A plaintext message expressed in Baudot code has been converted by the Verman cipher 
into the string 


110001110000111010100101111111 
If it is known that the key used for encipherment was 
011101011001011110001001101010 


recover the message in its alphabetic form. 
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11. Encrypt the message GOOD CHOICE using an exponential cipher with modulus p = 
2609 and exponent k = 7. 

12. The ciphertext obtained from an exponential cipher with modulus p = 2551 and enci- 
phering exponent k = 43 is 


1518 2175 1249 0823 2407 


Determine the plaintext message. 

13. Encrypt the plaintext message GOLD MEDAL using the RSA algorithm with key 
(2561,3). 

14. The ciphertext message produced by the RSA algorithm with key (n, k) = (2573, 1013) is 


0464 1472 0636 1262 2111 


Determine the original message. [Hint: The Euclidean algorithm yields 1013-17 = 
1 (mod 2573).] 
15. Decrypt the ciphertext 


1030 1511 0744 1237 1719 


that was encrypted using the RSA algorithm with key (n, k) = (2623, 869). [Hint: The 
recovery exponent is j = 29.] 


10.2 THE KNAPSACK CRYPTOSYSTEM 


A public-key cryptosystem also can be based on the classic problem in combinatorics 
known as the knapsack problem, or the subset sum problem. This problem may be 
stated as follows: Given a knapsack of volume V and n items of various volumes 
a}, A2,...,Qy,, can a subset of these items be found that will completely fill the 
knapsack? There is an alternative formulation: For positive integers a), a2, ..., An 
and a sum V, solve the equation 


V = ayx2 + 2X2 + +++ + AnXn 


where x; = Oor 1 fori = 1,2,...,n. 
There might be no solution, or more than one solution, to the problem, depending 
on the choice of the sequence aj, d2,..., @, and the integer V. For instance, the 


knapsack problem 
22 = 3x; + 7x2 + 9x3 + 11x4 + 20x5 
is not solvable; but 
27 = 3x, + 7x2 + 9x3 + 11x4 + 20x5 
has two distinct solutions, namely 
Ss = 75 =0 
and 
y= x5 =) HE maHmwm=0 


Finding a solution to a randomly chosen knapsack problem is notoriously dif- 
ficult. None of the known methods for attacking the problem are substantially less 
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time-consuming than is conducting an exhaustive direct search, that is, by testing 
all the 2” possibilities for x;, x2,..., X,. This is computationally impracticable for 
n greater than 100, or so. 

However, if the sequence of integers a), a2, ... , d, happens to have some special 
properties, the knapsack problem becomes much easier to solve. We call a sequence 
@1,Q2,..., An, Superincreasing when each q; is larger than the sum of all the preceding 
ones; that is, 


aij > ay tag+--+-+aj_-1 ie eR 


A simple illustration of a superincreasing sequence is 1, 2, 4, 8,...,2”, where 
2 >2'-1=1+2+4+4+.--42'"!. For the corresponding knapsack problem, 


V =x, + 2x. + 443 4+---+2"x, V <2" 


the unknowns x; are just the digits in the binary expansion of V. 
Knapsack problems based on superincreasing sequences are uniquely solvable 
whenever they are solvable at all, as our next example shows. 


Example 10.5. Let us solve the superincreasing knapsack problem 
28 = 3x, + 5x. + 11x3 + 20x4 + 41x5 


We start with the largest coefficient in this equation, namely 41. Because 41 > 28, it 
cannot be part of our subset sum; hence x5 = 0. The next-largest coefficient is 20, with 
20 < 28. Now the sum of the preceding coefficients is 3 + 5+ 11 < 28, so that these 
cannot fill the knapsack; therefore 20 must be included in the sum, and so x4 = 1. 
Knowing the values of x4 and x5, the original problem may be rewritten as 


8 = 3x; + 5x2 + 11x3 


A repetition of our earlier reasoning now determines whether 11 should be in our 
knapsack sum. In fact, the inequality 11 > 8 forces us to take x3 = 0. Toclinch matters, 
we are reduced to solving the equation 8 = 3x; + 5x2, which has the obvious solution 
xX, = X2 = 1. This identifies a subset of 3, 5, 11, 20, 41 having the desired sum: 


28 =3+5+20 


It is not difficult to see how the procedure described in Example 10.5 operates, 
in general. Suppose that we wish to solve the knapsack problem 


V =ayx, +Qoxo +-++ + a,x, 


where 1, a2, ..., A, 1S a Superincreasing sequence of integers. Assume that V can 
be obtained by using some subset of the sequence, so that V is not larger than the 
sum a; + a2 +---+a,. Working from right to left in our sequence, we begin by 
letting x, = 1if V >a, and x, = Oif V < a,. Then obtain x,_1, Xn_2,..., 1, in 
turn, by choosing 


1 if V — (Qj41Xi41 reas ted AnXn) 2 aj 


Xi = 
O if V — Gigi Xig1 +++ + OnXn) < Gj 
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With this algorithm, knapsack problems using superincreasing sequences can be 
solved quite readily. 

A public-key cryptosystem based on the knapsack problem was devised by 
R. Merkle and M. Hellman in 1978. It works as follows. A typical user of the system 
starts by choosing a superincreasing sequence dj, a2, ... , d,. Now select a modulus 
m > 2a, and a multiplier a, with 0 < a < m and gcd(a, m) = 1. This ensures that 
the congruence ax = 1 (mod m) has a unique solution, say, x = c (mod m). Finally, 
form the sequence of integers b;, b2,..., b, defined by 


b; = aa; (mod m) i Oy eee.) 


where 0 < b; < m. Carrying out this last transformation generally destroys the 
superincreasing property enjoyed by the a;. 

The user keeps secret the original sequence aj, a2, ..., @n, and the numbers m 
and a, but publishes b,, b2,..., b, in a public directory. Anyone wishing to send a 
message to the user employs the publicly available sequence as the encryption key. 

The sender begins by converting the plaintext message into a string M of 0’s 
and 1’s using the binary equivalent of letters: 


Letter Binary equivalent Letter Binary equivalent 


A 00000 N 01101 
B 00001 Oo 01110 
C 00010 P 01111 
D 00011 Q 10000 
E 00100 R 10001 
F 00101 S 10010 
G 00110 T 10011 
H 00111 18 10100 
I 01000 Vv 10101 
J 01001 Ww 10110 
K 01010 x 10111 
L 01011 Y 11000 
M 01100 Z 11001 
For example, the message 
First Place 


would be converted into the numerical representation 


M =00101 01000 10001 10010 10011 01111 01011 00000 
00010 00100 


The string is then split into blocks of n binary digits, with the last block being filled 
out with 1’s at the end, if necessary. The public encrypting sequence by, b2,..., by 
is next used to transform a given plaintext block, say x;x2---x,, into the sum 


S = bx, + boxg +--+ + Dyn Xn 


The number S is the hidden information that the sender transmits over a communi- 
cation channel, which is presumed to be insecure. 
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Notice that because each x; is either 0 or 1, the problem of recreating the plaintext 
block from S is equivalent to solving an apparently difficult knapsack problem 
(“difficult” because the sequence b;, b2,..., b, is not necessarily superincreasing). 
On first impression, the intended recipient and any eavesdropper are faced with the 
same task. However, with the aid of the private decryption key, the recipient can 
change the difficult knapsack problem into an easy one. No one without the private 
key can make this change. 

Knowing c and m, the recipient computes 


S’ = cS (mod m) 0<S’<m 

or, expanding this, 

S’ = chix, + cbox2 +--+ + cby_xX,_ (mod m) 

= caa,x, + Caa2nx2 +--+ + CaanX, (mod m) 
Now ca = 1 (mod m), so that the previous congruence becomes 
S’ = ayx; + agx2 + +++ + ,Xn (mod m) 
Because m was initially chosen to satisfy m > 2a, > a; + a2 +--+ + a,, we obtain 
GX + agxX2 + +++ anX_, < m. In light of the condition 0 < S’ < m, the equality 
S! = ayx, Hanx. +++ + ayXy 

must hold. The solution to this superincreasing knapsack problem furnishes the 
solution to the difficult problem, and the plaintext block x)x2---x, of n digits is 
thereby recovered from S. 


To help make the technique clearer, we consider a small-scale example with 
so 


Example 10.6. Suppose that a typical user of this cryptosystem selects as a secret key 
the superincreasing sequence 3, 5, 11, 20, 41, the modulus m = 85, and the multiplier 
a = 44. Each member of the superincreasing sequence is multiplied by 44 and reduced 
modulo 85 to yield 47, 50, 59, 30, 19. This is the encryption key that the user submits 
to the public directory. 

Someone who wants to send a plaintext message to the user, such as 


HELP US 
first converts it into the following string of 0’s and 1’s: 
M =00111 00100 01011 01111 10100 10010 


The string is then broken up into blocks of digits, in the current case blocks of length 5. 
Using the listed public key to encrypt, the sender transforms the successive blocks into 
108 = 47-04 50-0+59-1+30-14+19-1 

59 = 47.04 50-04+59-1+30-0+ 19. 
99 = 47.04 50-14+59-0+30-1+19- 
158 = 47-04+ 50-1+59-1+30-1+419- 
106 = 47-14+50-0+59-1+30-04 19. 
77 = 47-14+50-04+59-0+30-1+19- 


co a ee) 
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The transmitted ciphertext consists of the sequence of positive integers 
108 59 99 158 106 77 


To read the message, the legitimate receiver first solves the congruence 44x = 1 
(mod 85), yielding x = 29 (mod 85). Then each ciphertext number is multiplied by 29 
and reduced modulo 85, to produce a superincreasing knapsack problem. For instance, 
108 is converted to 72, because 108 - 29 = 72 (mod 85); the corresponding knapsack 
problem is 


72 = 3x, + 5x2 + 11%3 + 20x4 + 41%5 


The procedure for handling superincreasing knapsack problems quickly produces the 
solution x; = x2 = 0,x3 = x4 = x5 = 1. Inthis way, the first block 00111 of the binary 
equivalent of the plaintext is recovered. 

The time required to decrypt a knapsack ciphertext message seems to grow expo- 
nentially with the number of items in the knapsack. For a high level of security, the 
knapsack should contain at least 250 items to choose from. As a second illustration 
of how this cryptosystem works, let us note the effect of expanding to n = 10 the 
knapsack of Example 10.6. 


Example 10.7. Suppose that the user employs the superincreasing sequence 
3,5, 11, 20, 41, 83, 179, 344, 690, 1042 


Taking m = 2618 and a = 929, each knapsack item is multiplied by a and reduced 
modulo m to produce the publicly listed enciphering key 


169, 2027, 2365, 254, 1437, 1185, 1357, 180, 2218, 1976 


If the message NOT NOW is to be forwarded, its binary equivalent may be partitioned 
into blocks of ten digits as 


0110101110 1001101101 0111010110 


A given block is encrypted by adding the numbers in the enciphering key whose 
locations correspond to the 1’s in the block. This will produce the ciphertext 


9584 5373 8229 


with larger values than those in Example 10.6. 

The recipient recovers the hidden message by multiplying each ciphertex number 
by the solution of the congruence 929x = 1 (mod 2618); that is, by 31 (mod 2618). 
For instance, 9584 -31 = 1270 (mod 2618) where 1270 can be expressed in terms of 
the superincreasing sequence as 


1270 =54+ 114 414 179 + 344 + 690 


The location of each right-hand integer in the knapsack then translates into 0110101110, 
the initial binary block. 


The Merkle-Hellman cryptosystem aroused a great deal of interest when it was 
first proposed, because it was based on a provably difficult problem. However, in 
1982, A. Shamir invented a reasonably fast algorithm for solving knapsack problems 
that involved sequences b,, bz, ..., b,, where b; = aa; (mod m) and aj, ao, ..., An 
is superincreasing. The weakness of the system is that the public encryption key 
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by, bz,..., by 18 too special; multiplying by a and reducing modulo m does not 
completely disguise the sequence aj, a2, ... , dn. The system can be made somewhat 
more secure by iterating the modular multiplication method with different values of a 
and m, so that the public and private sequences differ by several transformations. But 
even this construction was successfully broken in 1985. Although most variations 
of the Merkle-Hellman scheme have been shown to be insecure, there are a few that 
have, so far, resisted attack. 


PROBLEMS 10.2 
1. Obtain all solutions of the knapsack problem 
21 = 2x, + 3x2 + 5x3 + 7x4 + 9x5 + 11X6 


2. Determine which of the sequences below are superincreasing: 

(a) 3, 13, 20, 37, 81. 
(b) 5, 13, 25, 42, 90. 
(c) 7, 27, 47, 97, 197, 397. 

3. Find the unique solution of each of the following superincreasing knapsack problems: 
(a) 118 = 4x, + 5x2 + 10x3 + 20x4 + 41x5 + 99x¢6. 

(b) 51 = 3x1 + 5x2 + 9x3 + 18x4 + 37x5. 
(c) 54 = x1 + 2x2 + 5x3 + 9x4 + 18x5 + 40X¢6. 

4. Consider a sequence of positive integers a), a2,..., Gn, where aj; > 2a; fori = 1, 
2,...,” — 1. Show that the sequence is superincreasing. 

5. Auserof the knapsack cryptosystem has the sequence 49, 32, 30, 43 as a listed encryption 
key. If the user’s private key involves the modulus m = 50 and multiplier a = 33, 
determine the secret superincreasing sequence. 

6. The ciphertext message produced by the knapsack cryptosystem employing the super- 
increasing sequence 1, 3, 5, 11, 35, modulus m = 73, and multiplier a = 5 is 55, 15, 
124, 109, 25, 34. Obtain the plaintext message. 

[Hint: Note that 5 - 44 = 1 (mod 73).] 

7. A.user of the knapsack cryptosystem has a private key consisting of the superincreasing 

sequence 2, 3, 7, 13, 27, modulus m = 60, and multiplier a = 7. 
(a) Find the user’s listed public key. 
(b) With the aid of the public key, encrypt the message SEND MONEY. 


10.3 AN APPLICATION OF PRIMITIVE 
ROOTS TO CRYPTOGRAPHY 


Most modern cryptographic schemes rely on the presumed difficulty of solving some 
particular number theoretic problem within a reasonable length of time. For instance, 
the security underlying the widely used RSA cryptosystem discussed in Section 
10.1 is the sheer effort required to factor large numbers. In 1985, Taher ElGamal 
introduced a method of encrypting messages based on a version of the so-called 
discrete logarithm problem: that is, the problem of finding the power 0 < x < ¢(n), 
if it exists, which satisfies the congruence r* = y (modzn) for givenr, y, andn. The 
exponent x is said to be the discrete logarithm of y to the base r, modulo n. The 
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advantage of requiring that the base r be a primitive root of prime number n is the 
assurance that y will always have a well-defined discrete logarithm. The logarithm 
could be found by exhaustive search; that is, by calculating the successive powers of 
r until y =r* (modzn) is reached. Of course, this would generally not be practical 
for a large modulus n of several hundred digits. 

Example 8.4 indicates that, say, the discrete logarithm of 7 to the base 2 modulo 
13 is 11; expressed otherwise, 11 is the smallest positive integer x for which 2* = 
7 (mod 13). In that example, we used the classical notation 11 = ind27 (mod 13) 
and spoke of 11 as being the index of 7, rather than employing the more current 
terminology. 

The ElGamal cryptosystem, like the RSA system, requires that each user possess 
both a public and a private (secret) key. The means needed to transmit a ciphered 
message between parties is announced openly, even published in a directory. How- 
ever, deciphering can be done only by the intended recipient using a private key. 
Because knowledge of the public key and the method of encipherment is not suffi- 
cient to discover the other key, confidential information can be communicated over 
an insecure channel. 

A typical user of this system begins by selecting a prime number p along with 
one of its primitive roots r. Then an integer k, where 2 < k < p — 2, is randomly 
chosen to serve as the secret key; thereafter, 


a=r*(mod p) 0<a<p-l1 


is calculated. The triple of integers (p, r, a) becomes the person’s public key, made 
available to all others for cryptographic purposes. The value of the exponent k 
is never revealed. For an unauthorized party to discover k would entail solving a 
discrete logarithm problem that would be nearly intractable for large values of a 
and p. 

Before looking at the enciphering procedure, we illustrate the selection of the 
public key. 


Example 10.8. Suppose that an individual begins by picking the prime p = 113 and 
its smallest primitive root r = 3. The choice k = 37 is then made for the integer 
satisfying 2 < k < 111. It remains to calculate a = 3°” (mod 113). The exponenti- 
ation can be readily accomplished by the technique of repeated squaring, reducing 
modulo 113 at each step: 


3! = 3 (mod 113) 38 = 7 (mod 113) 
32 = 9 (mod 113) 316 = 49 (mod 113) 
34 = 81(mod113) —-3?2 = 28 (mod 113) 


and so 

a = 3°’ =3!. 34.337 =3.81-28 = 6304 = 24 (mod 113) 
The triple (113, 3, 24) serves as the public key, while the integer 37 becomes the secret 
deciphering key. 


Here is how ElGamal encryption works. Assume that a message is to be sent 
to someone who has public key (p, 7, a) and also the corresponding private key k. 
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The transmission is a string of integers smaller than p. Thus, the literal message is 
first converted to its numerical equivalent M by some standard convention such as 
letting a = 00,b = 01,...,z = 25. If M => p, then M is split into successive blocks, 
each block containing the same (even) number of digits. It may be necessary to add 
extra digits (say, 25 = z), to fill out the final block. 

The blocks of digits are encrypted separately. If B denotes the first block, then 
the sender—who is aware of the recipient’s public key—arbitrarily selects an integer 
2 < j < p —2 and computes two values: 


C,; =r/ (mod p) and C)= Ba! (mod p), 0<C),C2<p-1 


The numerical ciphertext associated with the block B is the pair of integers (C;, C2). 
It is possible, in case greater security is needed, for the choice of j to be changed 
from block to block. 

The recipient of the ciphertext can recover the block B by using the secret 
key k. All that needs to be done is to evaluate first C : Pie (mod p) and then 
P= Cea (mod p); for 


P=C,C?'* =(Baiyriy ** 


= B(r*y! (ri@-D-sk) 

= Bie) 

= B (mod p) 
where the final congruence results from the Fermat identity r?~! = 1 (mod p). 
The main point is that the decryption can be carried out by someone who knows the 
value of k. 


Let us work through the steps of the encryption algorithm, using a reasonably 
small prime number for simplicity. 


Example 10.9. Assume that the user wishes to deliver the message 
SELL NOW 


to a person who has the secret key k = 15 and public encryption key (p,r,a) = 
(43, 3, 22), where 22 = 3! (mod 43). The literal plaintext is first converted to the 
string of digits 

M = 18041111131422 


To create the ciphertext, the sender selects an integer j satisfying 2 < j < 41, perhaps 
J = 23, and then calculates 


ri = 3% = 34(mod43) and a/ = 227% = 32 (mod 43) 


Thereafter, the product a/ B = 32B (mod 43) is computed for each two-digit block B 
of M. The initial block, for instance, is encrypted as 32 - 18 = 17 (mod 43). The entered 
digital message M is transformed in this way into a new string 


M' = 17420808291816 
The ciphertext that goes forward takes the form 
(34, 17) G4, 42) (34, 08) (34, 08) (34, 29) (34, 18) (34, 16) 
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On the arrival of the message, the recipient uses the secret key to obtain 
(r’) 


Each second entry in the ciphertext pairs is decrypted on multiplication by this last 
value. The first letter, S, in the sender’s original message would be recovered from the 
congruence 18 = 39 - 17 (mod 43), and so on. 


P-I-k — 3427 — 39 (mod 43) 


An important aspect of a cryptosystem should be its ability to confirm the 
integrity of a message; because everyone knows how to send a message, the recipient 
must be sure that the encryption was really issued by an authorized person. The usual 
method of protecting against possible third-party forgeries is for the person sending 
the message to have a digital “signature,” the electronic analog of a handwritten 
signature. It should be difficult to tamper with the digital signature, but its authenticity 
should be easy to recognize. Unlike a handwritten signature, it should be possible 
to vary a digital signature from one communication to another. 

A feature of the ElGamal cryptosystem is an efficient procedure for authenti- 
cating messages. Consider a user of the system who has public key (p, r, a), private 
key k, and encrypted message M. The first step toward supplying a signature is to 
choose an integer 1 < j < p — 1 where gcd (j, p — 1) = 1. Taking a piece of the 
plaintext message —for instance, the first block B—the user next computes 


c=r/(modp), O0O<j<p-1 
and then obtains a solution of the linear congruence 
jd+kc=B(modp-1), O<d<p-—2 


The solution d can be found using the Euclidean algorithm. The pair of integers (c, d) 
is the required digital signature appended to the message. It can be created only by 
someone aware of the private key k, the random integer j, and the message M. 

The recipient uses the sender’s public key (p,r,a) to confirm the purported 
signature. It is simply a matter of calculating the two values 


V, =a‘c* (mod p), V2=r? (mod p), 0<Vi,V2<p-1 


The signature is accepted as legitimate when V; = Vp». That this equality should 
take place follows from the congruence 


V, atc? Bry)? 
= pke+jd 
=r? = V> (mod p) 


Notice that the personal identification does not require the recipient to know the 
sender’s private key k. 


Example 10.10. The person having public key (43, 3, 22) and private key k = 15 wants 
to sign and reply to the message SELL NOW. This is carried out by first choosing an 
integer 0 < j < 42 with gcd(j, 42) = 1, say j = 25. If the first block of the encoded 
reply is B = 13, then the person calculates 


c = 3° =5 (mod 43) 
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and thereafter solves the congruence 
25d = 13 —5 - 15 (mod 42) 


for the value d = 16 (mod 42). The digital signature attached to the reply consists of 
the pair (5, 16). On its arrival, the signature is confirmed by checking the equality of 
the integers V, and V2: 


V, = 22° . 516 = 39. 40 = 12 (mod 43) 
V> = 3 = 12 (mod 43) 


PROBLEMS 10.3 


1. 


The message REPLY TODAY is to be encrypted in the ElGamal cryptosystem and 
forwarded to a user with public key (47, 5, 10) and private key k = 19. 

(a) If the random integer chosen for encryption is 7 = 13, determine the ciphertext. 
(b) Indicate how the ciphertext can be decrypted using the recipient’s private key. 


Suppose that the following ciphertext is received by a person having E]Gamal public 
key (71, 7, 32) and private key k = 30: 


(56,45) (56,38) (56,29) (56,03) (56, 67) 
(56,05) (56,27) (56,31) (56,38) (56, 29) 


Obtain the plaintext message. 

The message NOT NOW (numerically 131419131422) is to be sent to a user of the 

ElGamal system who has public key (37, 2, 18) and private key k = 17. If the integer 

j used to construct the ciphertext is changed over successive four-digit blocks from 

j = 13 to j = 28 to j = 11, what is the encrypted message produced? 

Assume that a person has ElGamal public key (2633, 3, 1138) and private key k = 965. 

If the person selects the random interger j = 583 to encrypt the message BEWARE OF 

THEM, obtain the resulting ciphertext. 

[Hint: 3°? = 1424 (mod 2633), 1138°83 = 97 (mod 2633).] 

(a) A person with public key (31, 2, 22) and private key k = 17 wishes to sign a message 
whose first plaintext block is B = 14. If 13 is the integer chosen to construct the 
signature, obtain the signature produced by the ElGamal algorithm. 

(b) Confirm the validity of this signature. 


CHAPTER 
NUMBERS OF SPECIAL FORM 


In most sciences one generation tears down what another has built and what 
one has established another undoes. In Mathematics alone each generation 
builds a new story to the old structure. 

HERMANN HANKEL 


11.1 MARIN MERSENNE 


The earliest instance we know of a regular gathering of mathematicians is the group 
held together by an unlikely figure—the French priest Father Marin Mersenne (1588— 
1648). The son of a modest farmer, Mersenne received a thorough education at 
the Jesuit College of La Fléche. In 1611, after two years studying theology at the 
Sorbonne, he joined the recently founded Franciscan Order of Minims. Mersenne 
entered the Minim Convent in Paris in 1619 where, except for short trips, he remained 
for the rest of his life. 

Mersenne lamented the absence of any sort of formal organization to which 
scholars might resort. He responded to this need by making his own rooms at the 
Minim Convent available as a meeting place for those drawn together by common 
interests, eager to discuss their respective discoveries and hear of similar activity else- 
where. The learned circle he fostered—composed mainly of Parisian mathematicians 
and scientists but augmented by colleagues passing through the city—seems to have 
met almost continuously from 1635 until Mersenne’s death in 1648. At one of these 
meetings, the precocious 14-year-old Blaise Pascal distributed his handbill Essay 
pour les coniques containing his famous “mystic hexagram” theorem; Descartes 
could only grumble that he could not “pretend to be interested in the work of a boy.” 
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After Mersenne’s death, the august sessions continued to be held at private homes in 
and around Paris, including Pascal’s. It is customary to regard the Académie Royale 
des Sciences, chartered in 1666, as the more or less direct successor of these informal 
gatherings. 

From 1625 onward, Mersenne made it his business to become acquainted with 
everyone of note in the European intellectual world. He carried out this plan through 
an elaborate network of correspondence which lasted over 20 years. In essence, 
he became an individual clearinghouse of mathematical and scientific information, 
trading news of current advances in return for more news. For instance, in 1645 
Mersenne visited the physicist Torricelli in Italy, and made widely known Torricelli’s 
use of a rising column of mercury in a vacuum tube to demonstrate atmospheric 
pressure. Mersenne’s communications, dispersed over the Continent by passing 
from hand to hand, were the vital link between isolated members of the emerging 
scientific community at a time when the publication of learned journals still lay in the 
future. 

After Mersenne’s death, letters from 78 correspondents scattered over Western 
Europe were found in his Parisian quarters. Among his correspondents were Huygens 
in Holland, Torricelli and Galileo in Italy, Pell and Hobbes in England, and the 
Pascals, father and son, in France. He had also served as the main channel of commu- 
nication between the French number theorists Fermat, Frénicle, and Descartes; their 
exchanged letters determined the sorts of problems these three chose to investigate. 

Mersenne was not himself a serious contributor to the subject, rather a remark- 
able interested person prodding others with questions and conjectures. His own 
queries tended to be rooted in the classical Greek concern with divisibility. For in- 
stance, in a letter written in 1643, he sent the number 100895598169 to Fermat with 
a request for its factors. (Fermat responded almost immediately that it is the product 
of the two primes 898423 and 112303.) On another occasion he asked for a number 
that has exactly 360 divisors. Mersenne was also interested in whether or not there 
exists a so-called perfect number with 20 or 21 digits, the underlying question really 
being to find out whether 2” — 1 is prime. Fermat discovered that the only prime 
divisors of 2?’ — 1 are of the form 74k + 1 and that 223 is such a factor, thereby 
supplying a negative answer to Mersenne. 

Mersenne was the author of various works dealing with the mathematical sci- 
ences, including Synopsis Mathematica (1626), Traité de l’Harmonie Universelle 
(1636-1637), and Universae Geometriae Synopsis (1644). A believer in the new 
Copernican theory of the earth’s motion, he was virtually Galileo’s representative 
in France. He brought out (1634), under the title Les Mécaniques de Galilée, a ver- 
sion of Galileo’s early lectures on mechanics; and, in 1639, a year after its original 
publication, he translated Galileo’s Discorsi—a treatise analyzing projectile motion 
and gravitational acceleration—into French. As Italian was little understood abroad, 
Mersenne was instrumental in popularizing Galileo’s investigations. It is notable 
that he did this as a faithful member of a Catholic religious order at the height 
of the Church’s hostility to Galileo and its condemnation of his writings. Perhaps 
Mersenne’s greatest contribution to the scientific movement lay in his rejection of 
the traditional interpretation of natural phenomena, which had stressed the action of 
“occult” powers, by insisting instead upon purely rational explanations. 
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Marin Mersenne 
(1588-1648) 


(David Eugene Smith Collection, Rare Book and 
Manuscript Library, Columbia University) 


11.2 PERFECT NUMBERS 


The history of the theory of numbers abounds with famous conjectures and open 
questions. The present chapter focuses on some of the intriguing conjectures asso- 
ciated with perfect numbers. A few of these have been satisfactorily answered, but 
most remain unresolved; all have stimulated the development of the subject as a 
whole. 

The Pythagoreans considered it rather remarkable that the number 6 is equal to 
the sum of its positive divisors, other than itself: 


6=142+3 


The next number after 6 having this feature is 28; for the positive divisors of 28 are 
found to be 1, 2, 4, 7, 14, and 28, and 


28=14+2+4+7+14 


In line with their philosophy of attributing mystical qualities to numbers, 
the Pythagoreans called such numbers “perfect.” We state this precisely in 
Definition 11.1. 


Definition 11.1. A positive integer n is said to be perfect if n is equal to the sum of all 
its positive divisors, excluding n itself. 


The sum of the positive divisors of an integer n, each of them less than n, is given 
by o(n) — n. Thus, the condition “n is perfect” amounts to asking that o(n) —n =n, 
or equivalently, that 


o(n) = 2n 
For example, we have 


o(6)=1+2+3+6=2:6 
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and 
0(28) =14+2+44+74 144 28 = 2-28 


so that 6 and 28 are both perfect numbers. 

For many centuries, philosophers were more concerned with the mystical or 
religious significance of perfect numbers than with their mathematical properties. 
Saint Augustine explains that although God could have created the world all at once, 
He preferred to take 6 days because the perfection of the work is symbolized by 
the (perfect) number 6. Early commentators on the Old Testament argued that the 
perfection of the universe is represented by 28, the number of days it takes the 
moon to circle the earth. In the same vein, the 8th century theologian Alcuin of York 
observed that the whole human race is descended from the 8 souls on Noah’s Ark and 
that this second Creation is less perfect than the first, 8 being an imperfect number. 

Only four perfect numbers were known to the ancient Greeks. Nicomachus in 
his Introductio Arithmeticae (circa 100 A.D.) lists 


Fi =6 Po = 28 P3 = 496 Py = 8128 


He says that they are formed in an “orderly” fashion, one among the units, one among 
the tens, one among the hundreds, and one among the thousands (that is, less than 
10,000). Based on this meager evidence, it was conjectured that 


1. The nth perfect number P, contains exactly n digits; and 
2. The even perfect numbers end, alternately, in 6 and 8. 


Both assertions are wrong. There is no perfect number with 5 digits; the next 
perfect number (first given correctly in an anonymous 15th century manuscript) is 


Ps = 33550336 
Although the final digit of Ps is 6, the succeeding perfect number, namely, 
Pe = 8589869056 


also ends in 6, not 8 as conjectured. To salvage something in the positive direction, 
we shall show later that the even perfect numbers do always end in 6 or 8—but not 
necessarily alternately. 

If nothing else, the magnitude of Ps should convince the reader of the rarity of 
perfect numbers. It is not yet known whether there are finitely many or infinitely 
many of them. 

The problem of determining the general form of all perfect numbers dates back 
almost to the beginning of mathematical time. It was partially solved by Euclid when 
in Book IX of the Elements he proved that if the sum 


14+24+274+2?+---4+2% 1 = p 


is a prime number, then 2‘! p is a perfect number (of necessity even). For instance, 
1+2+4=7 isa prime; hence, 4-7 = 28 is a perfect number. Euclid’s argument 


NUMBERS OF SPECIAL FORM 223 


makes use of the formula for the sum of a geometric progression 
14242742? 4.0042)! = oF — 1 


which is found in various Pythagorean texts. In this notation, the result reads as 
follows: If 2 — 1 is prime (k > 1), then n = 2*~1(2* — 1) is a perfect number. 
About 2000 years after Euclid, Euler took a decisive step in proving that all even 
perfect numbers must be of this type. We incorporate both these statements in our 
first theorem. 


Theorem 11.1. If 2 — 1 is prime (k > 1), thenn = 2*-1(2* — 1) is perfect and every 
even perfect number is of this form. 


Proof. Let 2* — 1 = p, a prime, and consider the integer n = 2*~!p. Inasmuch as 
gcd(2‘—!, p) = 1, the multiplicativity of o (as well as Theorem 6.2) entails that 


a(n) = o(2*! p) = o(2*“')o(p) 
= (2* —1)(p +1) 
= (2 — 1)2* = 2n 


making n a perfect number. 
For the converse, assume that n is an even perfect number. We may write n as 
n = 2*—!m, where m is an odd integer andk > 2. It follows from gcd(2*~!, m) = 1 that 


o(n) = 0 (2*!m) = o (2*“)o(m) = (2° — 1)o(m) 
whereas the requirement for a number to be perfect gives 
o(n) = 2n = 2*m 
Together, these relations yield 
2m = (2* — 1)0(m) 


which is simply to say that (2* — 1)|2*m. But 2* — 1 and 2* are relatively prime, 
whence (2* — 1)|m; say, m = (2* — 1)M. Now the result of substituting this value of 
m into the last-displayed equation and canceling 2* — 1 is that o(m) = 2M. Because 
m and M are both divisors of m (with M < m), we have 


2*M =o(m)>m+M=2'M 


leading to o(m) = m+ M. The implication of this equality is that m has only two 
positive divisors, to wit, M and m itself. It must be that m is prime and M = 1; in other 
words, m = (2* — 1)M = 2* — 1 is a prime number, completing the present proof. 


Because the problem of finding even perfect numbers is reduced to the search 
for primes of the form 2* — 1, a closer look at these integers might be fruitful. One 
thing that can be proved is that if 2 — 1 is a prime number, then the exponent k must 
itself be prime. More generally, we have the following lemma. 


Lemma. If a* — 1 is prime (a > 0,k > 2), then a = 2 and k is also prime. 
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Proof. \t can be verified without difficulty that 
a Sa a ae oe a) 
where, in the present setting, 
a +g? 4..ta4+1>a+1>1 


Because by hypothesis a‘ — 1 is prime, the other factor must be 1; that is, a — 1 = 1 
so that a = 2. 
If k were composite, then we could write k = rs, with 1 < r and 1 < s. Thus, 


a*—l=(a’y-1 
= (a” os 1)(a™@-Y ae q’&-2) alos CE a’ ob 1) 


and each factor on the right is plainly greater than 1. But this violates the primality of 
a* — 1, so that by contradiction k must be prime. 


For p = 2, 3,5, 7, the values 3, 7, 31, 127 of 2? — 1 are primes, so that 
2(27 -1)=6 
27(2? — 1) = 28 
24(25 — 1) = 496 
2°(2’ — 1) = 8128 


are all perfect numbers. 

Many early writers erroneously believed that 2? — 1 is prime for every choice of 
the prime number p. But in 1536, Hudalrichus Regius in a work entitled Utriusque 
Arithmetices exhibits the correct factorization 


2'!_ 1 = 2047 = 23. 89 


If this seems a small accomplishment, it should be realized that his calculations 
were in all likelihood carried out in Roman numerals, with the aid of an abacus (not 
until the late 16th century did the Arabic numeral system win complete ascendancy 
over the Roman one). Regius also gave p = 13 as the next value of p for which the 
expression 2? — 1 is a prime. From this, we obtain the fifth perfect number 


2!2(2'9 — 1) = 33550336 


One of the difficulties in finding further perfect numbers was the unavailability of 
tables of primes. In 1603, Pietro Cataldi, who is remembered chiefly for his invention 
of the notation for continued fractions, published a list of all primes less than 5150. 
By the direct procedure of dividing by all primes not exceeding the square root of a 
number, Cataldi determined that 2!’ — 1 was prime and, in consequence, that 


2!6(2"” — 1) = 8589869056 


is the sixth perfect number. 

A question that immediately springs to mind is whether there are infinitely many 
primes of the type 2? — 1, with p a prime. If the answer were in the affirmative, 
then there would exist an infinitude of (even) perfect numbers. Unfortunately, this 
is another famous unresolved problem. 
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This appears to be as good a place as any at which to prove our theorem on the 
final digits of even perfect numbers. 


Theorem 11.2. An even perfect number n ends in the digit 6 or 8; equivalently, either 
n = 6 (mod 10) orn = 8 (mod 10). 


Proof. Being an even perfect number, n may be represented as n = 2'—! (2* — 1), 
where 2* — 1 is a prime. According to the last lemma, the exponent k must also be 
prime. If k = 2, then n = 6, and the asserted result holds. We may therefore confine 
our attention to the case k > 2. The proof falls into two parts, according as k takes the 
form 4m + 1 or 4m + 3. 

If k is of the form 4m + 1, then 


n = 24(24m+1 _ 1) 
a Qtetl oF = 2..16°"% = 16" 
A straightforward induction argument will make it clear that 16‘ = 6 (mod 10) for any 
positive integer ¢. Utilizing this congruence, we get 
n=2-6—6= 6(mod 10) 
Now, in the case in which k = 4m + 3, 
n = 24+2(24m+3 _ 1) 

— 28m+5 _ 24m+2 — 2. 162m+1 _ 4.16" 
Falling back on the fact that 16° = 6 (mod 10), we see that 

n=2-6—4-6=~—12 = 8 (mod 10) 


Consequently, every even perfect number has a last digit equal to 6 or to 8. 


A little more argument establishes a sharper result, namely, that any even perfect 
number n = 2*~1(2* — 1) always ends in the digits 6 or 28. Because an integer is 
congruent modulo 100 to its last two digits, it suffices to prove that, if k is of the 
form 4m + 3, then n = 28 (mod 100). To see this, note that 


Qk-1 — o4mt2 _ 16".4=6-4 = 4 (mod 10) 


Moreover, for k > 2, we have 4 | 2—!, and therefore the number formed by the last 
two digits of 2‘! is divisible by 4. The situation is this: The last digit of 2! is 4, 
and 4 divides the last two digits. Modulo 100, the various possibilities are 


2k-! = 4 24, 44, 64, or 84 
But this implies that 
2k —1 =2.2*"! —1 =7, 47, 87, 27, or 67 (mod 100) 
whence 
ne 21h 1) 
= 4.7,24-47, 44 - 87, 64 - 27, or 84 - 67 (mod 100) 


It is a modest exercise, which we bequeath to the reader, to verify that each of the 
products on the right-hand side of the last congruence is congruent to 28 modulo 100. 
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PROBLEMS 11.2 


1. 


Mn & We 


10. 


11. 


12. 


13. 


Prove that the integer n = 2!°(2'! — 1) is not a perfect number by showing that 


o(n) # 2n. 
[Hint: 2!! — 1 = 23-89] 


. Verify each of the statements below: 


(a) No power of a prime can be a perfect number. 
(b) A perfect square cannot be a perfect number. 
(c) The product of two odd primes is never a perfect number. 
[Hint: Expand the inequality (p — 1)(q¢ — 1) > 2to get pg > p+q+1.] 


. If n is a perfect number, prove that )°, in L/d = 2. 
. Prove that every even perfect number is a triangular number. 
. Given that n is an even perfect number, for instance n = 2*—1(2* — 1), show that the 


integern = 14+2+3+---+(2* — 1) and also that g(n) = 2*-!(2*-! — 1). 


. For an even perfect number n > 6, show the following: 


(a) The sum of the digits of n is congruent to 1 modulo 9. 
[Hint: The congruence 2° = 1 (mod 9) and the fact that any prime p > 5 is of the 
form 6k + 1 or 6k + 5 imply that n = 2?-1(2? — 1) = 1 (mod 9).] 

(b) The integer n can be expressed as a sum of consecutive odd cubes. 
[Hint: Use Section 1.1, Problem 1(e) to establish the identity below for all k > 1: 


1° zit 33 du 533 Rares cr 4 1) = aces Picaae: = 1).] 


. Show that no proper divisor of a perfect number can be perfect. 


[Hint: Apply the result of Problem 3.] 


. Find the last two digits of the perfect number 


i= aaa OO aad =) 


. If o(n) = kn, where k > 3, then the positive integer n is called a k-perfect number 


(sometimes, multiply perfect). Establish the following assertions concerning k-perfect 
numbers: 
(a) 523776 = 2° -3- 11-31 is 3-perfect. 
30240 = 2° . 33 -5- 7 is 4-perfect. 

14182439040 = 2’ .34.5-7-117- 17-19 is 5-perfect. 
(b) If n is a 3-perfect number and 3 / n, then 3n is 4-perfect. 
(c) Ifn is a5-perfect number and 5 { n, then 5n is 6-perfect. 
(d) If 3n is a 4k-perfect number and 3 J n, then n is 3k-perfect. 
For each k, it is conjectured that there are only finitely many k-perfect numbers. The 
largest one discovered has 558 digits and is 9-perfect. 
Show that 120 and 672 are the only 3-perfect numbers of the form n = 2 . 3 - p, where 
p is an odd prime. 
A positive integer n is multiplicatively perfect if n is equal to the product of all its positive 
divisors, excluding n itself; in other words, n* = [], jn 2. Find all multiplicatively perfect 
numbers. 
[Hint: Notice that n? = n™/?,] 
(a) Ifn > 6 is an even perfect number, prove that n = 4 (mod 6). 

[Hint: 2?—! = 1 (mod 3) for an odd prime p.] 
(b) Prove that if n # 28 is an even perfect number, then n = 1 or —1 (mod 7). 
For any even perfect number n = 2'~!(2* — 1), show that 2* | o(n?) + 1. 


14. 


15. 


16. 


17. 


18. 


19. 


20. 
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Numbers such that o(o(n)) = 2n are called superperfect numbers. 

(a) If n = 2* with 2‘+! — 1 a prime, prove that n is superperfect; hence, 16 and 64 are 
superperfect. 

(b) Find all even perfect numbers n = 2*—1(2* — 1) which are also superperfect. 
[Hint: First establish the equality o(o(n)) = 2*(2t! — 1).] 

The harmonic mean H(n) of the divisors of a positive integer n is defined by the formula 


1 1 1 


H(n) t(n) “+d 


Show that if 7 is a perfect number, then H(n) must be an integer. 

[Hint: Observe that H(n) = nt(n)/o(n).] 

The twin primes 5 and 7 are such that one half their sum is a perfect number. Are there 
any other twin primes with this property? 

[Hint: Given the twin primes p and p + 2, with p > 5, +( p+ p+ 2) = 6k for some 
k>1.] 

Prove that if 2* — 1 is prime, then the sum 


Qk-1 4 ok 4 oktl a... 4 92k-2 


will yield a perfect number. For instance, 2? — 1 is prime and 2? + 23 + 2+ = 28, which 
is perfect. 

Assuming that n is an even perfect number, say n = 2'—!(2* — 1), prove that the product 
of the positive divisors of n is equal to n*; in symbols, 


I] d=n* 
d|n 
If nj, 2, ...,, are distinct even perfect numbers, establish that 
(nynz-+-n,) = 2""6(n1)b(n2)--- b(n) 


[Hint: See Problem 5.] 
Given an even perfect number n = 2*—!(2* — 1), show that 


o(n) a 2k—2 


11.3 MERSENNE PRIMES AND AMICABLE NUMBERS 


It has become traditional to call numbers of the form 


M,, = 2" -—1 n>] 


Mersenne numbers after Father Marin Mersenne who made an incorrect but provoca- 
tive assertion concerning their primality. Those Mersenne numbers that happen to 
be prime are said to be Mersenne primes. By what we proved in Section 11.2, the 
determination of Mersenne primes M,,—and, in turn, of even perfect numbers—is 
narrowed down to the case in which n is itself prime. 


In the preface of his Cogitata Physica-Mathematica (1644), Mersenne stated 


that M, is prime for p = 2, 3,5, 7, 13, 17, 19, 31, 67, 127, 257 and composite for 
all other primes p < 257. It was obvious to other mathematicians that Mersenne 
could not have tested for primality all the numbers he had announced; but neither 
could they. Euler verified (1772) that M3; was prime by examining all primes up to 
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46339 as possible divisors, but Mg7, Mj27, and M257 were beyond his technique; in 
any event, this yielded the eighth perfect number 


2°°(27! — 1) = 2305843008139952128 


It was not until 1947, after tremendous labor caused by unreliable desk calcu- 
lators, that the examination of the prime or composite character of M, for the 55 
primes in the range p < 257 was completed. We know now that Mersenne made 
five mistakes. He erroneously concluded that M¢7 and M)57 are prime and excluded 
Me1, Mgo, and Mjo7 from his predicted list of primes. It is rather astonishing that 
over 300 years were required to set the good friar straight. 

All the composite numbers M, with n < 257 have now been completely fac- 
tored. The most difficult factorization, that of M5,, was obtained in 1984 after a 
32-hour search on a supercomputer. 

An historical curiosity is that, in 1876, Edouard Lucas worked a test whereby 
he was able to prove that the Mersenne number M¢7 was composite; but he could 
not produce the actual factors. 

Lucas was the first to devise an efficient “primality test’; that is, a procedure that 
guarantees whether a number is prime or composite without revealing its factors, if 
any. His primality criteria for the Mersenne and Fermat numbers were developed 
in a series of 13 papers published between January of 1876 and January of 1878. 
Despite an outpouring of research, Lucas never obtained a major academic position 
in his native France, instead spending his career in various secondary schools. A 
freak, unfortunate accident led to Lucas’s death from infection at the early age of 
49: a piece of a plate dropped at a banquet flew up and gashed his cheek. 

At the October 1903 meeting of the American Mathematical Society, the Ameri- 
can mathematician Frank Nelson Cole had a paper on the program with the somewhat 
unassuming title “On the Factorization of Large Numbers.” When called upon to 
speak, Cole walked to a board and, saying nothing, proceeded to raise the integer 2 to 
the 67th power; then he carefully subtracted 1 from the resulting number and let the 
figure stand. Without a word he moved to a clean part of the board and multiplied, 
longhand, the product 


193,707,721 x 761,838,257,287 


The two calculations agreed. The story goes that, for the first and only time on record, 
this venerable body rose to give the presenter of a paper a standing ovation. Cole took 
his seat without having uttered a word, and no one bothered to ask him a question. 
(Later, he confided to a friend that it took him 20 years of Sunday afternoons to find 
the factors of M67.) 

In the study of Mersenne numbers, we come upon a strange fact: when each of 
the first four Mersenne primes (namely, 3, 7, 31, and 127) is substituted for n in the 
formula 2” — 1, a higher Mersenne prime is obtained. Mathematicians had hoped 
that this procedure would give rise to an infinite set of Mersenne primes; in other 
words, the conjecture was that if the number /,, is prime, then My, is also a prime. 
Alas, in 1953 a high-speed computer found the next possibility 


Mum, = 9M3 eee 98191 | 
(a number with 2466 digits) to be composite. 
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There are various methods for determining whether certain special types of 
Mersenne numbers are prime or composite. One such test is presented next. 


Theorem 11.3. If p and g = 2p + 1 are primes, then either g | M, org | M, + 2, but 
not both. 
Proof. With reference to Fermat’s theorem, we know that 
27-! _1 =0 (mod q) 
and, factoring the left-hand side, that 


(29-D/2 — 1\(24-D/ 4 1) = (2? — 1)(2? +1) 
= 0 (mod q) 
What amounts to the same thing: 
M,(M, + 2) = 0 (mod q) 
The stated conclusion now follows directly from Theorem 3.1. We cannot have both 


q|M, and q|M, + 2, for then q | 2, which is impossible. 


A single application should suffice to illustrate Theorem 11.3: if p = 23, then 
q =2p+1=47 is also a prime, so that we may consider the case of M3. The 
question reduces to one of whether 47 | M3 or, to put it differently, whether 27? = 
1 (mod 47). Now, we have 


223 — 23(25)* = 23(—15)*(mod 47) 
But 
(—15)* = (225)? = (— 10) = 6 (mod 47) 
Putting these two congruences together, we see that 
23 =2?.6 = 48 = 1 (mod 47) 


whence M3 is composite. 

We might point out that Theorem 11.3 is of no help in testing the primality of 
Moo, say; in this instance, 59 { M29, but instead 59 | My + 2. 

Of the two possibilities g | M, or q | My, + 2, is it reasonable to ask: What 
conditions on qg will ensure that g | M,? The answer is to be found in Theorem 11.4. 


Theorem 11.4. If g = 2n + 1 is prime, then we have the following: 


(a) q| M,, provided that g = 1 (mod 8) org = 7 (mod 8). 
(b) g| M,, + 2, provided that g = 3 (mod 8) org = 5 (mod 8). 


Proof. To say that q | M, is equivalent to asserting that 
249-D/2 — 2" = 1 (mod q) 


In terms of the Legendre symbol, the latter condition becomes the requirement that 
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(2/q) = 1. But according to Theorem 9.6, (2/¢) = 1 when we have g = 1 (mod 8) or 
q =7 (mod 8). The proof of (b) proceeds along similar lines. 


Let us consider an immediate consequence of Theorem 11.4. 
Corollary. If p andq = 2p + 1 are both odd primes, with p = 3 (mod 4), theng | M,. 


Proof. An odd prime p is either of the form 4k +1 or 4k +3. If p = 4k +3, 
then g = 8k + 7 and Theorem 11.4 yields q | Mp. In the case in which p = 4k + 1, 
q = 8k +3 sothatg J M,. 


The following is a partial list of those prime numbers p = 3 (mod 4) where 
q = 2p + 1lisalso prime: p = 11, 23, 83, 131, 179, 191, 239, 251. In each instance, 
M, is composite. 

Exploring the matter a little further, we next tackle two results of Fermat that 
restrict the divisors of M,. The first is Theorem 11.5. 


Theorem 11.5. If p is an odd prime, then any prime divisor of M, is of the form 
2kp + 1. 


Proof. Let q be any prime divisor of M,, so that 2? = 1 (mod q). If 2 has order k 
modulo q (that is, if k is the smallest positive integer that satisfies 2 = 1 (mod q)), then 
Theorem 8.1 tells us that k | p. The case k = 1 cannot arise; for this would imply that 
q | 1, an impossible situation. Therefore, because both k | p andk > 1, the primality of 
p forces k = p. 

In compliance with Fermat’s theorem, we have 217-1 = | (mod q), and therefore, 
thanks to Theorem 8.1 again, k |q — 1. Knowing that k = p, the net result is p|q — 1. 
To be definite, let us put g — 1 = pt; then g = pt + 1. The proof is completed by 
noting that if t were an odd integer, then g would be even and a contradiction occurs. 
Hence, we must have g = 2kp + 1 for some choice of k, which gives g the required 
form. 


As a further sieve to screen out possible divisors of M,, we cite the following 
result. 


Theorem 11.6. If p is an odd prime, then any prime divisor q of M, is of the form 
q = +1 (mod 8). 


Proof. Suppose that q is a prime divisor of M,, so that 2? = 1 (mod q). According to 
Theorem 11.5, g is of the form g = 2kp + 1 for some integer k. Thus, using Euler’s 
criterion, (2/q) = 29-/* = 1 (mod q), whence (2/q) = 1. Theorem 9.6 can now be 
brought into play again to conclude that g = +1 (mod 8). 


For an illustration of how these theorems can be used, one might look at M7. 
Those integers of the form 34k + 1 that are less than 362 < ./Mj7 are 


35, 69, 103, 137, 171, 205, 239, 273, 307, 341 
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Because the smallest (nontrivial) divisor of M7 must be prime, we need only consider 
the primes among the foregoing 10 numbers; namely, 


103, 137, 239, 307 


The work can be shortened somewhat by noting that 307 4 +1 (mod 8), and therefore 
we may delete 307 from our list. Now either M7 is prime or one of the three remaining 
possibilities divides it. With a little calculation, we can check that M,7 is divisible 
by none of 103, 137, and 239; the result: M17 is prime. 

After giving the eighth perfect number 2°°(27! — 1), Peter Barlow, in his book 
Theory of Numbers (published in 1811), concludes from its size that it “is the greatest 
that ever will be discovered; for as they are merely curious, without being useful, it is 
not likely that any person will ever attempt to find one beyond it.” The very least that 
can be said is that Barlow underestimated obstinate human curiosity. Although the 
subsequent search for larger perfect numbers provides us with one of the fascinating 
chapters in the history of mathematics, an extended discussion would be out of place 
here. 

It is worth remarking, however, that the first 12 Mersenne primes (hence, 12 
perfect numbers) have been known since 1914. The 11th in order of discovery, 
namely, Mgo, was the last Mersenne prime disclosed by hand calculation; its primality 
was verified by both Powers and Cunningham in 1911, working independently and 
using different techniques. The prime M27 was found by Lucas in 1876 and for the 
next 75 years was the largest number actually known to be a prime. 

Calculations whose mere size and tedium repel the mathematician are just grist 
for the mill of electronic computers. Starting in 1952, 22 additional Mersenne primes 
(all huge) have come to light. The 25th Mersenne prime, M2701, was discovered in 
1978 by two 18-year-old high school students, Laura Nickel and Curt Noll, using 
440 hours on a large computer. A few months later, Noll confirmed that M 3209 is 
also prime. With the advent of much faster computers, even this record prime did 
not stand for long. 

During the last 10 years, a flurry of computer activity confirmed the primality of 
eight more Mersenne numbers, each in turn becoming the largest number currently 
known to be prime. (In the never-ending pursuit of bigger and bigger primes, the 
record holder has usually been a Mersenne number.) Forty-six Mersenne primes 
have been identified. The larger of a pair more recently discovered is M43112609, 
discovered in 2008. It has 12978189 decimal digits, nearly three million more than 
the previous largest known prime, the 9808358-digit M32582657. The two-year search 
for M43112609 used the spare time of several hundred thousand volunteers and their 
computers, each assigned a different set of candidates to test for primality. The 
newest champion prime gave rise to the 41st even perfect number 


Ps = as (Oia a a, 1) 


an immense number of 25956377 digits. 

It is not likely that every prime in the vast expanse p < 43112609 has been 
tested to see if M, is prime. One should be wary, for in 1989 a systematic computer 
search found the overlooked Mersenne prime M0503 lurking between M6243 and 
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M 216091. What is more probable is that enthusiasts with the time and inclination will 
forge on through higher values to new records. 

An algorithm frequently used for testing the primality of M, is the Lucas-Lehmer 
test. It relies on the inductively defined sequence 


Si=4 Spi =S2-2 k>1 


Thus, the sequence begins with the values 4, 14, 194, 37634, .... The basic theorem, 
as perfected by Derrick Lehmer in 1930 from the pioneering results of Lucas, is 
this: For p > 2, M, is prime if and only if S,_; = 0 (mod M,). An equivalent 
formulation is that M, is prime if and only if S,_2 = +2°+)D/2 (mod M p)s 

A simple example is provided by the Mersenne number M7 = 27 — 1 = 127. 
Working modulo 127, the computation runs as follows: 


5S; =4 So = 14 S3 = 67 S4 = 42 S5 =-16 


GH 

a 
| 
oO 


This establishes that M7 is prime. 

The largest of the numbers on Mersenne’s “original” list, the 78-digit M257, 
was found to be composite in 1930 when Lehmer succeeded in showing that 
S256 # 0 (mod 257); this arithmetic achievement was announced in print in 1930, 
although no factor of the number was known. In 1952, the National Bureau of Stan- 
dards Western Automatic Computer (SWAC) confirmed Lehmer’s efforts of 20 years 
earlier. The electronic computer accomplished in 68 seconds what had taken Lehmer 
over 700 hours using a calculating machine. The smallest prime factor of M257, 
namely, 


535006138814359 


was obtained in 1979 and the remaining two factors exhibited in 1980, 50 years after 
the composite nature of the number had been revealed. 

We have listed in the section of Tables the 47 Mersenne primes known so far, 
with the number of digits in each and its approximate date of discovery. 

Most mathematicians believe that there are infinitely many Mersenne primes, but 
a proof of this seems hopelessly beyond reach. Known Mersenne primes M, clearly 
become more scarce as p increases. It has been conjectured that about two primes 
M, should be expected for all primes p in an interval x < p < 2x; the numerical 
evidence tends to support this. 

One of the celebrated problems of number theory is whether there exist any 
odd perfect numbers. Although no odd perfect number has been produced thus far, 
nonetheless, it is possible to find certain conditions for the existence of odd perfect 
numbers. The oldest of these we owe to Euler, who proved that if n is an odd perfect 
number, then 


261 2 2p, 
= paaGaa mA .qrh 


where Pp, qi,---,Q, are distinct odd primes and p =a = 1 (mod 4). In 1937, 
Steuerwald showed that not all 8;’s can be equal to 1; that is, ifn = pga; .: -q? 
is an odd number with p = a = 1 (mod 4), then zn is not perfect. Four years later, 
Kanold established that not all £;’s can be equal to 2, nor is it possible to have one B; 
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equal to 2 and all the others equal to 1. The last few years have seen further progress: 
Hagis and McDaniel (1972) found that it is impossible to have 6; = 3 for all i. 
With these comments out of the way, let us prove Euler’s result. 


Theorem 11.7 Euler. If 1 is an odd perfect number, then 


ky 22 | 


= Djs 
n= Di D> z 


‘+ D, 


where the p;’s are distinct odd primes and p; = k; = 1 (mod 4). 


Proof. Letn = De pe : 


can write 


- - p* be the prime factorization of n. Because n is perfect, we 


2n = o(n) = o(p;')o(py")- + o(p;") 
Being an odd integer, either n = 1 (mod 4) or n = 3 (mod 4); in any event, 2n = 2 
(mod 4). Thus, o(n) = 2n is divisible by 2, but not by 4. The implication is that one 
of the o( pi"), say o( De); must be an even integer (but not divisible by 4), and all the 
remaining o( pi'y’s are odd integers. 
For a given p;, there are two cases to be considered: p; = 1 (mod 4) and p; = 3 
(mod 4). If p; = 3 = —1 (mod 4), we would have 


o(pi') =1+ pit pete + PF 
=14+(-1)+(-1)?+---+ (1) (mod 4) 


_ JO(mod 4) = if k; is odd 
~ |1(mod4) if k; is even 


Because o(p;') = 2 (mod 4), this tells us that p; 4 3 (mod 4) or, to put it affirma- 
tively, p; = 1 (mod 4). Furthermore, the congruence o( pi) = 0 (mod 4) signifies that 


4 divides o(p;"), which is not possible. The conclusion: if pj = 3 (mod 4), where 
i = 2,...,r, then its exponent k; is an even integer. 
Should it happen that p; = 1 (mod 4)—which is certainly true for i = 1—then 


o(pi') =1+ pit pet +++ 7; 
=141!'4124...4 1% (mod 4) 
=k; + 1 (mod 4) 


The condition o( pi) = 2 (mod 4) forces k; = 1 (mod 4). For the other values of i, we 


know that o(p;") = 1 or3 (mod 4), and therefore k; = O or 2 (mod 4); in any case, k; 
is an even integer. The crucial point is that, regardless of whether p; = 1 (mod 4) or 
Di = 3 (mod 4), k; is always even for i 4 1. Our proof is now complete. 


In view of the preceding theorem, any odd perfect number n can be expressed as 


_— wk 2ij2 2 ir 
n= Pp; P> +++ Dy 
ae, ky J2 Jr\2 
= P;'(px--: Pr’) 
eS Sey) 

p,m 


This leads directly to the following corollary. 
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Corollary. If n is an odd perfect number, then n is of the form 
n= pkm 


where p is a prime, p J m, and p =k = 1 (mod 4); in particular, n = 1 (mod 4). 


Proof. The last assertion is the only non-obvious one. Because p = | (mod 4), we 
have p* = 1 (mod 4). Notice that m must be odd; hence, m = 1 or 3 (mod 4), and 
therefore upon squaring, m* = 1 (mod 4). It follows that 


n= p’m? =1-1=1 (mod 4) 


establishing our corollary. 


Another line of investigation involves estimating the size of an odd perfect 
number n. The classical lower bound was obtained by Turcaninov in 1908: n has at 
least four distinct prime factors and exceeds 2 - 10°. With the advent of electronic 
computers, the lower bound has been improved to n > 10°. Recent investigations 
have shown that n must be divisible by at least nine distinct primes, the largest of 
which is greater than 108, and the next largest exceeds 10*; if 3 X n, then the number 
of distinct prime factors of n is at least 12. 

Although all of this lends support to the belief that there are no odd perfect 
numbers, only a proof of their nonexistence would be conclusive. We would then 
be in the curious position of having built up a whole theory for a class of numbers 
that did not exist. “It must always,” wrote the mathematician Joseph Sylvester in 
1888, “stand to the credit of the Greek geometers that they succeeded in discovering 
a class of perfect numbers which in all probability are the only numbers which are 
perfect.” 

Another numerical concept, with a history extending from the early Greeks, 
is amicability. Two numbers such as 220 and 284 are called amicable, or friendly, 
because they have the remarkable property that each number is “contained” within 
the other, in the sense that each number is equal to the sum of all the positive 
divisors of the other, not counting the number itself. Thus, as regards the divisors 
of 220, 


14+2+4+4+5+104+114+20+ 224+ 44+ 55+ 110 = 284 
and for 284, 
14+2+4471+4 142 = 220 


In terms of the o function, amicable numbers m and n (or an amicable pair) are 
defined by the equations 


o(m)—m=n o(n)-n=m 
or what amounts to the same thing: 
o(m)=m+n=oa(n) 


Down through their quaint history, amicable numbers have been important in 
magic and astrology, and in casting horoscopes, making talismans, and concocting 
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love potions. The Greeks believed that these numbers had a particular influence in 
establishing friendships between individuals. The philosopher Iamblichus of Chalcis 
(ca. A.D. 250—A.D. 330) ascribed a knowledge of the pair 220 and 284 to the Pythagore- 
ans. He wrote: 


They [the Pythagoreans] call certain numbers amicable numbers, adopting virtues and 
social qualities to numbers, as 284 and 220; for the parts of each have the power to 
generate the other.... 


Biblical commentators spotted 220, the lesser of the classical pair, in Genesis 32:14 
as numbering Jacob’s present to Esau of 200 she-goats and 20 he-goats. According to 
one commentator, Jacob wisely counted out his gift (a “hidden secret arrangement”) 
to secure the friendship of Esau. An Arab of the 11th century, El Madschriti of 
Madrid, related that he had put to the test the erotic effect of these numbers by 
giving someone a confection in the shape of the smaller number, 220, to eat, while 
he himself ate the larger, 284. He failed, however, to describe whatever success the 
ceremony brought. 

It is a mark of the slow development of number theory that until the 1630s no 
one had been able to add to the original pair of amicable numbers discovered by 
the Greeks. The first explicit rule described for finding certain types of amicable 
pairs is due to Thabit ibn Qurra, an Arabian mathematician of the 9th century. In a 
manuscript composed at that time, he indicated: 


If the three numbers p = 3-2”-! —1, g =3-2"—1, andr =9-27""! — 1 are all 
prime and n > 2, then 2” pq and 2”r are amicable numbers. 


It was not until its rediscovery centuries later by Fermat and Descartes that Thabit’s 
rule produced the second and third pairs of amicable numbers. In a letter to Mersenne 
in 1636, Fermat announced that 17,296 and 18,416 were an amicable pair, and 
Descartes wrote to Mersenne in 1638 that he had found the pair 9363584 and 
9437056. Fermat’s pair resulted from taking n = 4in Thabit’s rule (p = 23, q = 47, 
r = 1151 are all prime) and Descartes’ from n = 7 (p = 191, g = 383, r = 73727 
are all prime). 

In the 1700s, Euler drew up at one clip a list of 64 amicable pairs; two of these 
new pairs were later found to be “unfriendly,” one in 1909 and one in 1914. Adrien 
Marie Legendre, in 1830, found another pair, 2172649216 and 2181168896. 

Extensive computer searches have currently revealed more than 50000 amicable 
pairs, some of them running to 320 digits; these include all those with values less than 
10!!. It has not yet been established whether the number of amicable pairs is finite 
or infinite, nor has a pair been produced in which the numbers are relatively prime. 
What has been proved is that each integer in a pair of relatively prime amicable 
numbers must be greater than 10°, and their product must be divisible by at least 22 
distinct primes. Part of the difficulty is that in contrast with the single formula for 
generating (even) perfect numbers, there is no known rule for finding all amicable 
pairs of numbers. 
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Another inaccessible question, already considered by Euler, is whether there are 
amicable pairs of opposite parity—that is, with one integer even and the other odd. 

“Most” amicable pairs in which both members of the pair are even have their 
sums divisible by 9. A simple example is 220 + 284 = 504 = 0 (mod 9). The small- 
est known even amicable pair whose sum fails to enjoy this feature is 666030256 
and 696630544. 


PROBLEMS 11.3 


1. Prove that the Mersenne number Mj; is a prime; hence, the integer n = 2? (2)3 — 1) is 
perfect. 
[Hint: Because ./M,3 < 91, Theorem 11.5 implies that the only candidates for prime 
divisors of M13 are 53 and 79.] 
2. Prove that the Mersenne number Myo is a prime; hence, the integer n = 2!8(2!° — 1) is 
perfect. 
[Hint: By Theorems 11.5 and 11.6, the only prime divisors to test are 191, 457, and 647.] 
3. Prove that the Mersenne number M49 is composite. 
4. A positive integer n is said to be a deficient number if a(n) < 2n and an abundant number 
if o(n) > 2n. Prove each of the following: 
(a) There are infinitely many deficient numbers. 
[Hint: Consider the integers n = pe where p is an odd prime and k > 1.] 
(b) There are infinitely many even abundant numbers. 
[Hint: Consider the integers n = 2* .3, where k > 1.] 
(c) There are infinitely many odd abundant numbers. 
[Hint: Consider the integers n = 945 - k, where k is any positive integer not divisible 
by 2, 3, 5, or 7. Because 945 = 33.5.7, it follows that gcd(945, k) = 1 and so 
a(n) = 0 (945)o (k).] 
5. Assuming that n is an even perfect number and d|n, where 1 < d < n, show that d is 
deficient. 
. Prove that any multiple of a perfect number is abundant. 
. Confirm that the pairs of integers listed below are amicable: 
(a) 220 = 27 - 5-11 and 284 = 2? - 71. (Pythagoras, 500 B.C.) 
(b) 17296 = 2*. 23 - 47 and 18416 = 2+. 1151. (Fermat, 1636) 
(c) 9363584 = 27 - 191 - 383 and 9437056 = 2’ - 73727. (Descartes, 1638) 
8. For a pair of amicable numbers m and n, prove that 


(x ua) 4 (» ud) =] 


d|m d|n 


SN 


9. Establish the following statements concerning amicable numbers: 

(a) A prime number cannot be one of an amicable pair. 

(b) The larger integer in any amicable pair is a deficient number. 

(c) If m and n are an amicable pair, with m even and n odd, then n is a perfect square. 
[Hint: If p is an odd prime, then 1 + p+ p?+.---+ p* is odd only when k is an 
even integer. ] 

10. In 1886, a 16-year-old Italian boy announced that 1184 = 2° - 37 and 1210 = 2-5- 11? 
form an amicable pair of numbers, but gave no indication of the method of discovery. 

Verify his assertion. 


11. 


12. 


13. 


14. 


15. 


16. 
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Prove “Thabit’s rule” for amicable pairs: If p = 3-2"-!—1, g =3-2"—1, and 
r =9-22"-! _ | are all prime numbers, wheren > 2, then 2” pg and 2"r are an amicable 
pair of numbers. This rule produces amicable numbers for n = 2, 4, and 7, but for no 
other n < 20,000. 

By an amicable triple of numbers is meant three integers such that the sum of any 
two is equal to the sum of the divisors of the remaining integer, excluding the number 
itself. Verify that 2° - 3 - 13 - 293 - 337, 2° -3-5-13- 16561, and 2° - 3 - 13 - 99371 are 
an amicable triple. 

A finite sequence of positive integers is said to be a sociable chain if each is the sum of 
the positive divisors of the preceding integer, excluding the number itself (the last integer 
is considered as preceding the first integer in the chain). Show that the following integers 
form a sociable chain: 


14288, 15472, 14536, 14264, 12496 


Only two sociable chains were known until 1970, when nine chains of four integers each 

were found. 

Prove that 

(a) Any odd perfect number n can be represented in the form n = pa”, where p is a 
prime. 

(b) If n = pa? is an odd perfect number, then n = p (mod 8). 

If n is an odd perfect number, prove that n has at least three distinct prime factors. 

[Hint: Assume that n = p*q?/, where p=k=1 (mod 4). Use the inequality 

2=o(n)/n < [p/(p — WI] [¢/(g — 1)] to reach a contradiction. ] 

If the integer n > 1 is a product of distinct Mersenne primes, show that o(n) = 2* for 

some k. 


11.4 FERMAT NUMBERS 


To round out the picture, let us mention another class of numbers that provides 
a rich source of conjectures, the Fermat numbers. These may be considered as a 
special case of the integers of the form 2” + 1. We observe that if 2” + 1 is an 
odd prime, then m = 2” for some n > 0. Assume to the contrary that m had an 
odd divisor 2k + 1 > 1, say m = (2k + 1)r; then 2” + 1 would admit the nontrivial 
factorization 


mays Q2k+1)r +1= Qe 41 
ua (2” AG Hee = Q2k—Dr 2 eeerane: 92r OE 1) 


which is impossible. In brief, 2” + 1 can be prime only if m is a power of 2. 


Definition 11.2. A Fermat number is an integer of the form 
F,=27 +1 n=0 


If F,, is prime, it is said to be a Fermat prime. 


Fermat, whose mathematical intuition was usually reliable, observed that all the 


integers 


Fo = 3 Pi=5 Fo = 17 Fy =.237 F'4 = 65537 


238 ELEMENTARY NUMBER THEORY 


are primes and expressed his belief that F,, is prime for each value of n. In writing 
to Mersenne, he confidently announced: “I have found that numbers of the form 
27" + 1 are always prime numbers and have long since signified to analysts the truth 
of this theorem.” However, Fermat bemoaned his inability to come up with a proof 
and, in subsequent letters, his tone of growing exasperation suggests that he was 
continually trying to do so. The question was resolved negatively by Euler in 1732 
when he found 


Fs = 2? + 1 = 4294967297 


to be divisible by 641. To us, such a number does not seem very large; but in Fermat’s 
time, the investigation of its primality was difficult, and obviously he did not carry 
it out. 

The following elementary proof that 641 | F5 does not explicitly involve division 
and is due to G. Bennett. 


Theorem 11.8. The Fermat number F’; is divisible by 641. 


Proof. We begin by putting a = 2’ and b = 5, so that 
1+ab=1+4+2'-5=641 
It is easily seen that 
l+ab—b*=14+(a—b?)b=14+3b=2' 
But this implies that 
Fs = 27 41=22241 

= 24at +1 

=(1+ab—b*)a* +1 

= (1+ab)a* + (1 — a*tb*) 

= (1 + ab)[a* + (1 — ab)(1 + ab*)] 
which gives 641 | Fy. 


To this day it is not known whether there are infinitely many Fermat primes 
or, for that matter, whether there is at least one Fermat prime beyond F4. The best 
“guess” is that all Fermat numbers F,, > F4 are composite. 

Part of the interest in Fermat primes stems from the discovery that they have a 
remarkable connection with the ancient problem of determining all regular polygons 
that can be constructed with ruler and compass alone (where the former is used only 
to draw straight lines and the latter only to draw arcs). In the seventh and last section 
of the Disquisitiones Arithmeticae, Gauss proved that a regular polygon of n sides 
is so constructible if and only if either 


n= 2 or n = 2* pi po-- + Dr 


where k > 0 and pj, po2,..., py are distinct Fermat primes. The construction of 
regular polygons of 2*, 2 . 3, 2* . 5 and 2* . 15 sides had been known since the time 
of the Greek geometers. In particular, they could construct regular n-sided polygons 
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for n = 3, 4,5, 6, 8, 10, 12, 15, and 16. What no one suspected before Gauss was 
that a regular 17-sided polygon can also be constructed by ruler and compass. Gauss 
was so proud of his discovery that he requested that a regular polygon of 17 sides be 
engraved on his tombstone; for some reason, this wish was never fulfilled, but such 
a polygon is inscribed on the side of a monument to Gauss erected in Brunswick, 
Germany, his birthplace. 

A useful property of Fermat numbers is that they are relatively prime to each 
other. 


Theorem 11.9. For Fermat numbers F,, and F,,, where m > n > 0, gcd(Fin, F,) = 1. 


Proof. Put d = gcd(F,, F,). Because Fermat numbers are odd integers, d must be 
odd. If we set x = 2?" andk = 2”~", then 
Fy-2 (2 y""-1 
Fi 2 +4+1 
2 Ee 
es eee] 


whence F,, | (Fi, — 2). From d | F,,, it follows that d | (Fi, — 2). Now use the fact that 
d|F, to obtain d|2. But d is an odd integer, and so d = 1, establishing the result 
claimed. 


eet rn ea 


This leads to a pleasant little proof of the infinitude of primes. We know that 
each of the Fermat numbers Fo, F),..., F, is divisible by a prime that, according 
to Theorem 11.9, does not divide any of the other F;,. Thus, there are at least n + 1 
distinct primes not exceeding F,,. Because there are infinitely many Fermat numbers, 
the number of primes is also infinite. 

In 1877, the Jesuit priest T. Pepin devised the practical test (Pepin’s test) for 
determining the primality of F,, that is embodied in the following theorem. 


Theorem 11.10 Pepin’s test. For n > 1, the Fermat number F,, = 27" + 1 is prime 
if and only if 


3%»—D/2 = _1 (mod Fy) 


Proof. First let us assume that 
30D = —1 (mod Fy) 
Upon squaring both sides, we get 
3! = 1 (mod Fy) 
The same congruence holds for any prime p that divides F,: 
3f-! = | (mod p) 


Now let k be the order of 3 modulo p. Theorem 8.1 indicates that k | F,, — 1, or in other 
words, that k | 22"; therefore k must be a power of 2. 
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It is not possible that k = 2” for anyr < 2” — 1. If this were so, repeated squaring 
of the congruence 3 = 1 (mod p) would yield 


3" =] (mod p) 
or, what is the same thing, 


3(fn—D/2 = 1 (mod p) 


We would then arrive at 1 = —1 (mod p), resulting in p = 2, which is a contradiction. 
Thus the only possibility open to us is that 
k=2" =F,-1 


Fermat’s theorem tells us that k < p — 1, which means, in turn, that F, = k+1 < p. 
Because p | F,,, we also have p < F,. Together these inequalities mean that F,, = p, 
so that F,, is a prime. 

On the other hand, suppose that F,, n > 1, is prime. The Quadratic Reciprocity 
Law gives 


(3/Fn) = (Fn/3) = 2/3) = -1 


when we use the fact that F, = (—1)”" + 1 = 2 (mod 3). Applying Euler’s Criterion, 
we end up with 


3(F—D/2 = _1 (mod F,) 


Let us demonstrate the primality of F3 = 257 using Pepin’s test. Working mod- 
ulo 257, we have 
3(F3—1)/2 =4 3128 = 33(3°)> 
= 27(-14)* 
= 27. 14%4(-14) 
= 27(17)(-14) 
= 27-19 = 513 = —1 (mod 257) 
so that F3 is prime. 
We have already observed that Euler proved the Fermat number Fs; to be com- 


posite, with the factorization F; = 2°? + 1 = 641 - 6700417. As for Fe, in 1880, 
F, Landry announced that 


fe = 2% +1 
= 274177 - 67280421310721 


This accomplishment is all the more remarkable when we consider that Landry 
was 82 years old at the time. Landry never published an account of his work on 
factoring F but it is unlikely that he used trial division. Indeed, he had earlier 
estimated that trying to show the primality of Fg by testing numbers of the form 
128k + 1 could take 3000 years. 

In 1905, J. C. Morehead and A. E. Western independently performed Pepin’s 
test on F7 and communicated its composite character almost simultaneously. It took 
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66 years, until 1971, before Brillhart and Morrison discovered the prime factorization 


F, = 2! +41 
= 59649589127497217 - 5704689200685129054721 


(The possibility of arriving at such a factorization without recourse to fast computers 
with large memories is remote.) Morehead and Western carried out (in 1909) a 
similar calculation for the compositeness of Fg, each doing half the work; but the 
actual factors were not found until 1980, when Brent and Pollard showed the smallest 
prime divisor of Fg to be 


1238926361552897 


The other factor of Fg is 62 digits long and shortly afterward was shown to be prime. 
A large F, to which Pepin’s test has been applied is Fj4, a number of 4933 digits; 
this Fermat number was determined to be composite by Selfridge and Hurwitz in 
1963, although at present no divisor is known. 

Our final theorem, due to Euler and Lucas, is a valuable aid in determining the 
divisors of Fermat numbers. As early as 1747, Euler established that every prime 
factor of F,, must be of the formk - 2”+! + 1. Over 100 years later, in 1879, the French 
number theorist Edouard Lucas improved upon this result by showing that k can be 
taken to be even. From this, we have the following theorem. 


Theorem 11.11. Any prime divisor p of the Fermat number F,, = 27° + 1, where 
n > 2, is of the form p =k - 2"*7 + 1. 
Proof. For a prime divisor p of F,,, 

2?" = —1 (modp) 
which is to say, upon squaring, that 

2?""" = 1 (mod p) 
If h is the order of 2 modulo p, this congruence tells us that 

hort 

We cannot have h = 2’ where 1 < r < n, for this would lead to 

2?" = 1 (mod p) 


and, in turn, to the contradiction that p = 2. This lets us conclude that h = Dike 
Because the order of 2 modulo p divides @(p) = p — 1, we may further conclude that 
ont | p — 1. The point is that for n > 2, p = 1 (mod 8), and therefore, by Theorem 
9.6, the Legendre symbol (2/p) = 1. Using Euler’s criterion, we immediately pass to 


2-Di2 = (2/p) = 1 (mod p) 


An appeal to Theorem 8.1 finishes the proof. It asserts that h | (p — 1)/2, or equivalently, 
2"+1|(p — 1)/2. This forces 2”*? | p — 1, and we obtain p = k -2"+? + 1 for some 
integer k. 
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Theorem 11.11 enables us to determine quickly the nature of Fy = 2'©+ 1 = 
65537. The prime divisors of F, must take the form 2°k + 1 = 64k + 1. There is 
only one prime of this kind that is less than or equal to ./F4, namely, the prime 193. 
Because this trial divisor fails to be a factor of F4, we may conclude that F% is itself 
a prime. 

The increasing power and availability of computing equipment has allowed the 
search for prime factors of the Fermat numbers to be extended significantly. For 
example, the first prime factor of F23 was found in 1997. It is now known that F,, 
is composite for 5 < n < 30 and for some 140 additional values of n. The largest 
composite Fermat number found to date is F3930gg, with divisor 3 - OF 

The complete prime factorization of F,, has been obtained for 5 < n < 11 and 
no other n. After the factorization of Fs, it was little suspected that F,, 629 digits 
long, would be the next Fermat number to be completely factored; but this was 
carried out by Brent and Morain in 1988. The factorization of the 155-digit Fo by 
the joint efforts of Lenstra, Manasse, and Pollard in 1990 was noteworthy for having 
employed approximately 700 workstations at various locations around the world. 
The complete factorization took about 4 months. Not long thereafter (1996), Brent 
determined the remaining two prime factors of the 310-digit Fo. The reason for 
arriving at the factorization of F;; before that of Fy and Fo was that size of the 
second-largest prime factor of F,, made the calculations much easier. The second- 
largest prime factor of Fj; contains 22 digits, whereas those of Fo and Fig have 
lengths of 49 and 40 digits, respectively. 

The enormous F3, with a decimal expansion of over 600 million digits, was 
proved to be composite in 2001. It was computationally fortunate that F3; had a 
prime factor of only 23 digits. For F33, the challenge remains: it is the smallest 
Fermat number whose character is in doubt. Considering that F33 has more than two 
trillion digits, the matter may not be settled for some time. 

A resume of the current primality status for the Fermat numbers F,,, where 
0 <n < 35, is given below. 


n Character of F, 
0, 1, 2, 3,4 prime 
5, 6, 7, 8, 9, 10, 11 completely factored 
12, 13, 15, 16, 18, 19, 25, 27, 30 two or more prime factors known 
17, 21, 23, 26, 28, 29, 31, 32 only one prime factor known 
14, 20, 22, 24 composite, but no factor known 
33, 34 ,35 character unknown 


The case for Fi¢ was settled in 1953 and lays to rest the tantalizing conjecture 
that all the terms of the sequence 


9 9? 
2- 


PE Pay oe Ra, 4 Ay 


are prime numbers. What is interesting is that none of the known prime factors p of 
a Fermat number F, gives rise to a square factor p*; indeed, it is speculated that the 
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Fermat numbers are square-free. This is in contrast to the Mersenne numbers where, 
for example, 9 divides Mgy. 

Numbers of the form k - 2” + 1, which occur in the search for prime factors of 
Fermat numbers, are of considerable interest in their own right. The smallest n for 
which k - 2” + 1 is prime may be quite large in some cases; for instance, the first 
time 47-2” + 1 is prime is when n = 583. But there also exist values of k such 
that k - 2” + 1 is always composite. Indeed, in 1960 it was proved that there exist 
infinitely many odd integers k with k - 2” + 1 composite for all > 1. The problem 
of determining the least such value of k remains unsolved. Up to now, k = 78557 is 
the smallest known k for which k - 2” + 1 is never prime for any n. 


PROBLEMS 11.4 


1. By taking fourth powers of the congruence 5 - 27 = —1 (mod 641), deduce that 277 + 1 = 
0 (mod 641); hence, 641 | Fs. 

2. Gauss (1796) discovered that a regular polygon with p sides, where p is a prime, can be 
constructed with ruler and compass if and only if p — 1 is a power of 2. Show that this 
condition is equivalent to requiring that p be a Fermat prime. 

3. Forn > 0, prove the following: 

(a) There are infinitely many composite numbers of the form 27" + 3. 
[Hint: Use the fact that 2” = 3k + 1 for some k to establish that 7 | 2 
(b) Each of the numbers 2?” + 5 is composite. 

4. Composite integers n for which n|2” — 2 are called pseudoprimes. Show that every 

Fermat number F,, is either a prime or a pseudoprime. 
[Hint: Raise the congruence 22” = —1 (mod F,) to the 2?"~" power. ] 

5. For > 2, show that the last digit of the Fermat number F,, = Oe is 7: 
[Hint: By induction on n, verify that 27" = 6 (mod 10) forn > 2.] 

6. Establish that 27" — 1 has at least n distinct prime divisors. 

[Hint: Use induction on n and the fact that 


gent 


2.1 


27 —1 = (2 +192?" -1)] 


7. In 1869, Landry wrote: “No one of our numerous factorizations of the numbers 2” + 1 
gave us as much trouble and labor as that of 2°° + 1.” Verify that 2°° + 1 can be factored 
rather easily using the identity 


Ax* + 1 = (2x* — 2x + 1)(2x? + 2x +1) 


8. From Problem 5, conclude the following: 
(a) The Fermat number F,, is never a perfect square. 
(b) Forn > 0, F, is never a triangular number. 
9. (a) For any odd integer n, show that 3 | 2” + 1. 
(b) Prove that if p and q are both odd primes and g|2? + 1, then either g = 3 or 
q = 2kp + 1 for some integer k. 
[Hint: Because 2? = 1 (mod q), the order of 2 modulo q is either 2 or 2p; in the 
latter case, 2p | 6(q).] 
(c) Find the smallest prime divisor g > 3 of each of the integers 27? + 1 and 2*! + 1. 
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Determine the smallest odd integer n > 1 such that 2” — 1 is divisible by a pair of twin 
primes p and q, where 3 < p < q. 
[Hint: Being the first member of a pair of twin primes, p = —1 (mod 6). Because (2/p) = 
(2/q) = 1, Theorem 9.6 gives p = q = +1 (mod 8); hence, p = —1 (mod 24) and 
q = 1 (mod 24). Now use the fact that the orders of 2 modulo p and g must divide n.] 
Find all prime numbers p such that p divides 2? + 1; do the same for 2? — 1. 
Let p = 3-2" + 1 bea prime, where n > 1. (Twenty-nine primes of this form are cur- 
rently known, the smallest occurring when n = 1 and the largest when n = 303093.) 
Prove each of the following assertions: 
(a) The order of 2 modulo p is either 3, 2° or 3 - 2" for some 0 < k <n. 
(b) Except when p = 13, 2 is not a primitive root of p. 
[Hint: If 2 is a primitive root of p, then (2/p) = —1.] 
(c) The order of 2 modulo p is not divisible by 3 if and only if p divides a Fermat number 
F, withO<k<n-—1. 
[Hint: Use the identity 27 — 1 = FoF, Fy... Fx_1.] 
(d) There is no Fermat number that is divisible by 7, 13, or 97. 
For any Fermat number F,, = 27" + 1 with n > 0, establish that F,, = 5 or 8 (mod 9) 
according as n is odd or even. 
[Hint: Use induction to show, first, that 22" = 22" (mod 9) forn > 3.] 
Use the fact that the prime divisors of F5 are of the form 2’k + 1 = 128k + 1 to confirm 
that 641 | Fs. 
For any prime p > 3, prove the following: 
(a) 4 (2? + 1) is not divisible by 3. [Hint: Consider the identity 


2? +1 
4 = 2P-1_ 9p 4...-241,] 


(b) 4(2? + 1) has a prime divisor greater than p. [Hint: Problem 9(b).] 

(c) The integers 4(2° + 1) and $(273 + 1) are both prime. 

From the previous problem, deduce that there are infinitely many prime numbers. 

(a) Prove that 3, 5, and 7 are quadratic nonresidues of any Fermat prime F,, wheren > 2. 
[Hint: Pepin’s test and Problem 15, Section 9.3.] 

(b) Show that every quadratic nonresidue of a Fermat prime F,, is a primitive root of F;,,. 

Establish that any Fermat prime F,, can be written as the difference of two squares, but 

not of two cubes. [Hint: Notice that 


F, = 22" ome |e Cale: zl 1)’ eu 2 —)F 


For n > 1, show that gcd(F,, n) = 1. 

[Hint: Theorem 11.11.] 

Use Theorems 11.9 and 11.11 to deduce that there are infinitely many primes of the form 
4k +1. 


CHAPTER 


CERTAIN NONLINEAR 
DIOPHANTINE EQUATIONS 


He who seeks for methods without having a definite problem in mind seeks for 
the most part in vain. 
D. HILBERT 


12.1 THE EQUATION x? + y? = 2? 


Fermat, whom many regard as a father of modern number theory, nevertheless, had a 
custom peculiarly ill-suited to this role. He published very little personally, preferring 
to communicate his discoveries in letters to friends (usually with no more than the 
terse statement that he possessed a proof) or to keep them to himself in notes. 
A number of such notes were jotted down in the margin of his copy of Bachet’s 
translation of Diophantus’s Arithmetica. By far the most famous of these marginal 
comments is the one—presumably written about 1637—which states: 


It is impossible to write a cube as a sum of two cubes, a fourth power as a sum of two 
fourth powers, and, in general, any power beyond the second as a sum of two similar 
powers. For this, I have discovered a truly wonderful proof, but the margin is too small 
to contain it. 


In this tantalizing aside, Fermat was simply asserting that, if n > 2, then the Dio- 
phantine equation 


x"+y"=z 
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has no solution in the integers, other than the trivial solutions in which at least one 
of the variables is zero. 

The quotation just cited has come to be known as Fermat’s Last Theorem or, 
more accurately, Fermat’s conjecture. By the 1800s, all the assertions appearing in the 
margin of his Arithmetica had either been proved or refuted—with the one exception 
of the Last Theorem (hence the name). The claim has fascinated many generations of 
mathematicians, professional and amateur alike, because it is so simple to understand 
yet so difficult to establish. If Fermat really did have a “truly wonderful proof,” it 
has never come to light. Whatever demonstration he thought he possessed very 
likely contained a flaw. Indeed, Fermat himself may have subsequently discovered 
the error, for there is no reference to the proof in his correspondence with other 
mathematicians. 

Fermat did, however, leave a proof of his Last Theorem for the case n = 4. To 
carry through the argument, we first undertake the task of identifying all solutions 
in the positive integers of the equation 


a aes (1) 


Because the length z of the hypotenuse of a right triangle is related to the lengths 
x and y of the sides by the famous Pythagorean equation x* + y* = 2’, the search 
for all positive integers that satisfy Eq. (1) is equivalent to the problem of finding all 
right triangles with sides of integral length. The latter problem was raised in the days 
of the Babylonians and was a favorite with the ancient Greek geometers. Pythagoras 
himself has been credited with a formula for infinitely many such triangles, namely, 


x=2n+1 y =2n?+2n z=2n?+2n+4+1 


where n is an arbitrary positive integer. This formula does not account for all right 
triangles with integral sides, and it was not until Euclid wrote his Elements that a 
complete solution to the problem appeared. 

The following definition gives us a concise way of referring to the solutions of 


Eq. (1). 


Definition 12.1. A Pythagorean triple is a set of three integers x, y, z such that 
x? + y* = z?; the triple is said to be primitive if gcd(x, y, z) = 1. 


Perhaps the best-known examples of primitive Pythagorean triples are 3, 4, 5 
and 5, 12, 13, whereas a less obvious one is 12, 35, 37. 

There are several points that need to be noted. Suppose that x, y, z is any 
Pythagorean triple and d = gcd(x, y, z). If we write x = dx1, y = dy, z= dz}, 
then it is easily seen that 
Poy 2 : 

fa gee 
with gcd(x1, y1, Z1) = 1. In short, x, y;, z; form a primitive Pythagorean triple. 
Thus, it is enough to occupy ourselves with finding all primitive Pythagorean triples; 
any Pythagorean triple can be obtained from a primitive one upon multiplying by a 
suitable nonzero integer. The search may be confined to those primitive Pythagorean 


x+y = 
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triples x, y, z in which x > 0, y > 0, z > O, inasmuch as all others arise from the 
positive ones through a simple change of sign. 

Our development requires two preparatory lemmas, the first of which sets forth 
a basic fact regarding primitive Pythagorean triples. 


Lemma I. If x, y, z is a primitive Pythagorean triple, then one of the integers x or y 
is even, while the other is odd. 


Proof. If x and y are both even, then 2 | (x* + y*) or 2|z’, so that 2 | z. The inference 
is that gcd(x, y, z) > 2, which we know to be false. If, on the other hand, x and y 
should both be odd, then x” = 1 (mod 4) and y” = 1 (mod 4), leading to 


2 =x? 4+ y? =2 (mod 4) 


But this is equally impossible, because the square of any integer must be congruent 
either to 0 or to 1 modulo 4. 


Given a primitive Pythagorean triple x, y, z, exactly one of these integers is 
even, the other two being odd (if x, y, z were all odd, then x? + y? would be even, 
whereas z? is odd). The foregoing lemma indicates that the even integer is either x 
or y; to be definite, we shall hereafter write our Pythagorean triples so that x is even 
and y is odd; then, of course, z is odd. 

It is worth noticing (and we will use this fact) that each pair of the integers x, 
y, and z must be relatively prime. Were it the case that gcd(x, y) =d > 1, then 
there would exist a prime p with p | d. Because d |x and d | y, we would have p | x 
and p|y, whence p|x? and p| y*. But then p|(x?+ y), or p|z’, giving p|z. 
This would conflict with the assumption that gcd(x, y, z) = 1,andsod = 1. In like 
manner, one can verify that gcd(y, z) = gcd(x, z) = 1. 

By virtue of Lemma 1, there exists no primitive Pythagorean triple x, y, z all of 
whose values are prime numbers. There are primitive Pythagorean triples in which 
z and one of x or y is a prime; for instance, 3, 4, 5; 11, 60, 61; and 19, 180, 181. It 
is unknown whether there exist infinitely many such triples. 

The next hurdle that stands in our way is to establish that if a and b are relatively 
prime positive integers having a square as their product, then a and b are themselves 
squares. With an assist from the Fundamental Theorem of Arithmetic, we can prove 
considerably more, to wit, Lemma 2. 


Lemma 2. If ab = c”, where gcd(a, b) = 1, then a and b are nth powers; that is, there 
exist positive integers a,, b; for which a = aj, b = Dt. 


Proof. There is no harm in assuming that a > 1 andb > 1. If 


k k j j i. 
a= pp? ++ pe b=qj'q3 ++: 


are the prime factorizations of a and b, then, bearing in mind that gcd(a, b) = 1, no 
p; can occur among the q;. As a result, the prime factorization of ab is given by 


k coh j 
ab = p;' vss pirqi! gis 
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Let us suppose that c can be factored into primes as c = uit ue ree ul! . Then the condition 


ab = c" becomes 


k k, i ;, _ nl l; 

Pi: D; a ---q} = Uj) +++; 
From this we see that the primes u,..., 4; are Pj, .--, Pr, 1, ---> Qs (im Some order) 
and nlj,..., nl, are the corresponding exponents k;,...,k;, ji,---;, js. The conclu- 


sion: each of the integers k; and j; must be divisible by n. If we now put 


ki/n pe an pee 


a;=Pp, Pp 
b, = gee * gil” 


then a} = a, bi = b, as desired. 


With the routine work now out of the way, the characterization of all primitive 


Pythagorean triples is fairly straightforward. 


Theorem 12.1. All the solutions of the Pythagorean equation 
P4rya? 
satisfying the conditions 
gcd(x, y, z) = 1 2| xX x>0,y>0,z>0 
are given by the formulas 
= 25h y=s°-2? z=s°+?? 
for integers s > t > O such that gcd(s, t) = 1 ands ¥ t (mod 2). 
Proof. To start, let x, y, z be a (positive) primitive Pythagorean triple. Because we 


have agreed to take x even, and y and z both odd, z — y and z + y are even integers; 
say,z — y = 2uandz+ y = 2v. Now the equation x” + y* = 2” may be rewritten as 


w=? —y=(z-ylz+y) 


ec ) z~; zt+y 

—) = =uv 

2 , 2 

Notice that u and v are relatively prime; indeed, if gcd(u, v) = d > 1, thend | (u — v) 
and d | (u + v), orequivalently, d | y andd | z, which violates the fact that gcd(y, z) = 1. 


Taking Lemma 2 into consideration, we may conclude that u and v are each perfect 
squares; to be specific, let 


whence 


where s and ¢ are positive integers. The result of substituting these values of u and v 
reads 


z=vtuss?t+r 
y=v—-u=s?-? 


x? = 4vu = 4571? 
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or, in the last case x = 2st. Because a common factor of s and t divides both y and z, 
the condition gcd(y, z) = 1 forces gcd(s, t) = 1. It remains for us to observe that if s 
and t were both even, or both odd, then this would make each of y and z even, which 
is an impossibility. Hence, exactly one of the pairs, ¢ is even, and the other is odd; in 
symbols, s 4 t (mod 2). 

Conversely, let s and ¢ be two integers subject to the conditions described before. 
That x = 2st, y = s* —t*, z =s* +127 form a Pythagorean triple follows from the 
easily verified identity 


x2 as y? a (2st)? aie (s? es 1?) ras (s? ai cy = 22 


To see that this triple is primitive, we assume that gcd(x, y, z) = d > 1 and take p to 
be any prime divisor of d. Observe that p 4 2, because p divides the odd integer z (one 
of s and t is odd, and the other is even, hence, s* + 12 = z must be odd). From p | y 
and p|z, we obtain p|(z + y) and p|(z — y), or put otherwise, p | 2s? and p | 22?. 
But then p|s and p|t, which is incompatible with gcd(s, t) = 1. The implication of 
all this is that d = 1 and so x, y, z constitutes a primitive Pythagorean triple. Theorem 
12.1 is thus proven. 


The table below lists some primitive Pythagorean triples arising from small 
values of s and t. For each value of s = 2,3, ..., 7, we have taken those values of t 
that are relatively prime to s, less than s, and even whenever s is odd. 


x y z 
s t (2st) (s2 — 7) (s? + #7) 
y) 1 4 3 5 
3 2 12 5 13 
4 1 8 15 7 
4 3 24 7 25 
5 2 20 21 29 
5 4 40 9 Al 
6 1 12 35 37 
6 5 60 11 61 
7 p, 28 45 53 
yi 4 56 33 65 
7 6 84 13 85 


From this, or from a more extensive table, the reader might be led to suspect 
that if x, y, z is a primitive Pythagorean triple, then exactly one of the integers x or 
y is divisible by 3. This is, in fact, the case. For, by Theorem 12.1, we have 


owns y=s*-?? z=s°4+?r? 


where gcd(s, t) = 1. If either 3|s or 3|t, then evidently 3| x, and we need go no 
further. Suppose that 3 J s and3 { t. Fermat’s theorem asserts that 


s?>=1(mod3) —_t? = 1 (mod 3) 
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and so 
y =s* —t? = 0 (mod 3) 


In other words, y is divisible by 3, which is what we were required to show. 

Let us define a Pythagorean triangle to be a right triangle whose sides are 
of integral length. Our findings lead to an interesting geometric fact concerning 
Pythagorean triangles, recorded as Theorem 12.2. 


Theorem 12.2. The radius of the inscribed circle of a Pythagorean triangle is always 
an integer. 


Proof. Let r denote the radius of the circle inscribed in a right triangle with hypotenuse 
of length z and sides of lengths x and y. The area of the triangle is equal to the sum of 
the areas of the three triangles having common vertex at the center of the circle; hence, 


1 is agit eae 
SKY SST X. a ff Ve SST 
ee ED ate Rae 


The situation is illustrated below: 


. Ly 
2 
i 
Now x? + y” = z?. But we know that the positive integral solutions of this equation 
are given by 
x=2kst y=ks*—0?) z=k(s*+t?) 
for an appropriate choice of positive integers k, s, t. Replacing x, y, z in the equation 
xy =r(x + y + z) by these values and solving for r, it will be found that 
2k? st(s? — t?) 
ro 
k(Qst + s2 —t?2 + 524 1?) 
kis? =f?) 
— stt 
= kt(s — t) 


which is an integer. 


We take the opportunity to mention another result relating to Pythagorean tri- 
angles. Notice that it is possible for different Pythagorean triangles to have the same 
area; for instance, the right triangles associated with the primitive Pythagorean triples 
20, 21, 29 and 12, 35, 37 each have an area equal to 210. Fermat proved: For any 
integer n > 1, there exist n Pythagorean triangles with different hypotenuses and 
the same area. The details of this are omitted. 
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PROBLEMS 12.1 


1. 


10. 


11. 


12. 


(a) Find three different Pythagorean triples, not necessarily primitive, of the form 
16, y, z. 

(b) Obtain all primitive Pythagorean triples x, y, z in which x = 40; do the same for 
x = 60. 


. If x, y, z is a primitive Pythagorean triple, prove that x + y and x — y are congruent 


modulo 8 to either 1 or 7. 


. (a) Prove that if n 4 2 (mod 4), then there is a primitive Pythagorean triple x, y, z in 


which x or y equals n. 

(b) If > 3 is arbitrary, find a Pythagorean triple (not necessarily primitive) having n as 
one of its members. 
[Hint: Assuming n is odd, consider the triple n, $(n? — 1), 3(n? + 1); for n even, 
consider the triple n, (n?/4) — 1, (n?/4) + 1.] 


. Prove that in a primitive Pythagorean triple x, y, z, the product xy is divisible by 12, 


hence 60 | xyz. 


. For a given positive integer n, show that there are at least n Pythagorean triples having 


the same first member. 
[Hint: Let y, = 2*(22"-** — 1) and z, = 2*(27"-** 4+ 1) fork = 0, 1,2,...,n2 —1.Then 
2"+1 yx, zz are all Pythagorean triples. ] 


. Verify that 3, 4, 5 is the only primitive Pythagorean triple involving consecutive positive 
integers. 
. Show that 3n, 4n, 5n where n = 1,2,... are the only Pythagorean triples whose terms 


are in arithmetic progression. 
[Hint: Call the triple in question x — d, x, x + d, and solve for x in terms of d.] 


. Find all Pythagorean triangles whose areas are equal to their perimeters. 


[Hint: The equations x? + y* = z* andx + y +z = 4xy imply that (x — 4)(y — 4) = 8.] 


. (a) Prove that if x, y, z is a primitive Pythagorean triple in which x and z are consecutive 


positive integers, then 
x =2t(?t+1) y=2t+1 z=2¢+D+1 


for some t > 0. 
[Hint: The equation 1 = z — x = s* + t? — 2st implies that s — t = 1.] 

(b) Prove that if x, y, zis a primitive Pythagorean triple in which the difference z — y = 2, 
then 


eat ySerod gers 


for some t > 1. 
Show that there exist infinitely many primitive Pythagorean triples x, y, z whose even 
member x is a perfect square. 
[Hint: Consider the triple 4n?, n* — 4, n* + 4, where n is an arbitrary odd integer. ] 
For an arbitrary positive integer n, show that there exists a Pythagorean triangle the radius 
of whose inscribed circle is n. 
[Hint: If r denotes the radius of the circle inscribed in the Pythagorean triangle having 
sides a and b and hypotenuse c, then r = $(a + b —c). Now consider the triple 2n + 1, 
2n* + 2n, 2n? + 2n +11] 
(a) Establish that there exist infinitely many primitive Pythagorean triples x, y, z in 
which x and y are consecutive positive integers. Exhibit five of these. 
[Hint: If x, x + 1, z forms a Pythagorean triple, then so does the triple 3x + 2z + 1, 
3x +2z7+2,4*% +3z7+2.] 
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(b) Show that there exist infinitely many Pythagorean triples x, y, z in which x and y 
are consecutive triangular numbers. Exhibit three of these. 
(Hint: If x, x + 1, z forms a Pythagorean triple, then so does f2,, f2x41, (2x + 1)z.] 
13. Use Problem 12 to prove that there exist infinitely many triangular numbers that are 
perfect squares. Exhibit five such triangular numbers. 
(Hint: If x, x + 1, z forms a Pythagorean triple, then upon setting u = z—x—-—l,v= 
x + $(1 — z), one obtains u(u + 1)/2 = v?.] 


12.2) FERMAT’S LAST THEOREM 


With our knowledge of Pythagorean triples, we are now prepared to take up the 
one case in which Fermat himself had a proof of his conjecture, the case n = 4. 
The technique used in the proof is a form of induction sometimes called “Fermat’s 
method of infinite descent.” In brief, the method may be described as follows: It is 
assumed that a solution of the problem in question is possible in the positive integers. 
From this solution, one constructs a new solution in smaller positive integers, which 
then leads to a still smaller solution, and so on. Because the positive integers cannot 
be decreased in magnitude indefinitely, it follows that the initial assumption must 
be false and therefore no solution is possible. 

Instead of giving a proof of the Fermat conjecture for n = 4, it turns out to be 
easier to establish a fact that is slightly stronger, namely, the impossibility of solving 
the equation x* + y* = z? in the positive integers. 


Theorem 12.3. Fermat. The Diophantine equation x* + y* = 2” has no solution in 
positive integers x, y, Zz. 


Proof. With the idea of deriving a contradiction, let us assume that there exists a 
positive solution xo, yo, Zo of x4 + y* = z*. Nothing is lost in supposing also that 
gcd(xo, yo) = 1; otherwise, put gcd(xo, yo) = d, xo = dx1, yo = dy1, zo = dz to 
get x} + y? = 27 with gcd(x1, y;) = 1. 

Expressing the supposed equation Xe + yg = Zz in the form 


Gay On) Sze 


we see that Tee Yes Zo meet all the requirements of a primitive Pythagorean triple, and 
therefore Theorem 12.1 can be brought into play. In such triples, one of the integers 
ae or ye is necessarily even, whereas the other is odd. Taking xe (and hence xo) to be 
even, there exist relatively prime integers s > t > O satisfying 


Dales 

Xo = 2st 
yeas??? 
Z=se te? 


where exactly one of s and ¢ is even. If it happens that s is even, then we have 
l=y,=—s*-?? =0-153 (mod 4) 


which is an impossibility. Therefore, s must be the odd integer and, in consequence, 
t is the even one. Let us put tf = 27. Then the equation Xe = 2st becomes x =Asr, 
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which says that 


a] 

—) =sr 

2 

But Lemma 2 asserts that the product of two relatively prime integers [note that 
gcd(s, t) = 1 implies that gcd(s, r) = 1] is a square only if each of the integers it- 


self is a square; hence, s = ae r= w? for positive integers z;, W1. 
We wish to apply Theorem 12.1 again, this time to the equation 


aoe ye = 5? 
Because gcd(s, t) = 1, it follows that gcd(t, yo, s) = 1, making f¢, yo, s a primitive 
Pythagorean triple. With ¢ even, we obtain 


t = 2uv 
yo =u? —y? 
s=u+y 


for relatively prime integers u > v > 0. Now the relation 


signifies that u and v are both squares (Lemma 2 serves its purpose once more); 
say, u = ae andv = me When these values are substituted into the equation for s, the 
result is 


ga=saut+vaxit+y 
A crucial point is that, z; and t being positive, we also have the inequality 


2 


0<2<G=s<s <s°+P=x2% 


What has happened is this. Starting with one solution xo, yo, zo of x* + y* = z?, 
we have constructed another solution x;, y;, z; such that 0 < z; < zo. Repeating the 
whole argument, our second solution would lead to a third solution x2, y2, z2 with 
0 < z2 < z1, which, in turn, gives rise to a fourth. This process can be carried out as 
many times as desired to produce an infinite decreasing sequence of positive integers 


ZO > 21 > 22 > °°: 


Because there is only a finite supply of positive integers less than zo, a contradiction 
occurs. We are forced to conclude that x* + y* = 2? is not solvable in the positive 
integers. 


As an immediate result, one gets the following corollary. 


Corollary. The equation x+ + y* = z‘ has no solution in the positive integers. 


Proof. If xo, yo, Zo were a positive solution of x* + y* = z+, then xo, yo, Ze would 
satisfy the equation x* + y* = z?, in conflict with Theorem 12.3. 


If n > 2, then n is either a power of 2 or divisible by an odd prime p. In the 


first case, n = 4k for some k > 1 and the Fermat equation x” + y” = z” can be 
written as 


(x*)* + (y)* = (4 
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We have just seen that this equation is impossible in the positive integers. When 
n = pk, the Fermat equation is the same as 


GEO =@) 
If it could be shown that the equation uv? + v? = w” has no solution, then, in par- 
ticular, there would be no solution of the form u = x*, v = ye. w = Zz; hence, 


x” + y” = z" would not be solvable. Therefore, Fermat’s conjecture reduces to this: 
For no odd prime p does the equation 


xP + yP = zP 


admit a solution in the positive integers. 

Although the problem has challenged the foremost mathematicians of the last 
300 years, their efforts tended to produce partial results and proofs of individual 
cases. Euler gave the first proof of the Fermat conjecture for the prime p = 3 in the 
year 1770; the reasoning was incomplete at one stage, but Legendre later supplied 
the missing steps. Using the method of infinite descent, Dirichlet and Legendre 
independently settled the case p = 5 around 1825. Not long thereafter, in 1839, 
Lamé proved the conjecture for seventh powers. With the increasing complexity 
of the arguments came the realization that a successful resolution of the general 
case called for different techniques. The best hope seemed to lie in extending the 
meaning of “integer” to include a wider class of numbers and, by attacking the 
problem within this enlarged system, obtaining more information than was possible 
by using ordinary integers only. 

The German mathematician Kummer made the major breakthrough. In 1843, 
he submitted to Dirichlet a purported proof of Fermat’s conjecture based upon an 
extension of the integers to include the so-called algebraic numbers (that is, complex 
numbers satisfying polynomials with rational coefficients). Having spent consider- 
able time on the problem himself, Dirichlet was immediately able to detect the flaw 
in the reasoning: Kummer had taken for granted that algebraic numbers admit a 
unique factorization similar to that of the ordinary integers, which is not always true. 

But Kummer was undeterred by this perplexing situation and returned to his 
investigations with redoubled effort. To restore unique factorization to the algebraic 
numbers, he was led to invent the concept of ideal numbers. By adjoining these new 
entities to the algebraic numbers, Kummer successfully proved Fermat’s conjecture 
for a large class of primes that he termed regular primes (that this represented an 
enormous achievement is reflected in the fact that the only irregular primes less 
than 100 are 37, 59, and 67). Unfortunately, it is still not known whether there are 
an infinite number of regular primes, whereas in the other direction, Jensen (1915) 
established that there exist infinitely many irregular ones. Almost all the subsequent 
progress on the problem was within the framework suggested by Kummer. 

In 1983, a 29-year-old West German mathematician, Gerd Faltings, proved that 
for each exponent n > 2, the Fermat equation x” + y” = z” can have at most a finite 
number (as opposed to an infinite number) of integral solutions. At first glance, this 
may not seem like much of an advance; but if it could be shown that the finite number 
of solutions was zero in each case, then the Fermat’s conjecture would be laid to rest 
once and for all. 
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Another striking result, established in 1987, was that Fermat’s assertion is true 
for “almost all” values of n; that is, as n increases the percentage of cases in which 
the conjecture could fail approaches zero. 

With the advent of computers, various numerical tests were devised to verify 
Fermat’s conjecture for specific values of n. In 1977, S.S. Wagstaff took over 2 years, 
using computing time on four machines on weekends and holidays, to show that the 
conjecture held for all < 125000. Since that time, the range of exponents for which 
the result was determined to be true has been extended repeatedly. By 1992, Fermat’s 
conjecture was known to be true for exponents up to 4000000. 

For a moment in the summer of 1993, it appeared that the final breakthrough 
had been made. At the conclusion of three days of lectures in Cambridge, Eng- 
land, Andrew Wiles of Princeton University stunned his colleagues by announcing 
that he could favorably resolve Fermat’s conjecture. His proposed proof, which had 
taken seven years to prepare, was an artful blend of many sophisticated techniques 
developed by other mathematicians only within the preceding decade. The key in- 
sight was to link equations of the kind posed by Fermat with the much-studied 
theory of elliptic curves; that is, curves determined by cubic polynomials of the 
form y* = x° + ax + b, where a and b are integers. 

The overall structure and strategy of Wiles’s argument was so compelling that 
mathematicians hailed it as almost certainly correct. But when the immensely com- 
plicated 200-page manuscript was carefully scrutinized for hidden errors, it revealed 
a subtle snag. No one claimed that the flaw was fatal, and bridging the gap was felt 
to be feasible. Over a year later, Wiles provided a corrected, refined, and shorter 
(125-page) version of his original proof to the enthusiastic reviewers. The revised 
argument was seen to be sound, and Fermat’s seemingly simple claim was finally 
settled. 

The failure of Wiles’s initial attempt is not really surprising or unusual in math- 
ematical research. Normally, proposed proofs are privately circulated and examined 
for possible flaws months in advance of any formal announcement. In Wiles’s case, 
the notoriety of one of number theory’s most elusive conjectures brought premature 
publicity and temporary disappointment to the mathematical community. 

To round out our historical digression, we might mention that in 1908 a prize 
of 100,000 marks was bequeathed to the Academy of Science at Gottingen to be 
paid for the first complete proof of Fermat’s conjecture. The immediate result was 
a deluge of incorrect demonstrations by amateur mathematicians. Because only 
printed solutions were eligible, Fermat’s conjecture is reputed to be the mathematical 
problem for which the greatest number of false proofs have been published; indeed, 
between 1908 and 1912 over one thousand alleged proofs appeared, mostly printed 
as private pamphlets. Suffice it to say, interest declined as the German inflation 
of the 1920s wiped out the monetary value of the prize. (With the introduction of 
the Reichsmark and Deutsche Mark [DM] and after various currency revaluations, 
the award was worth about DM 75,000 or $40,000 when it was presented to Wiles 
in 1997.) 

From x* + y+ = z*, we move on to a closely related Diophantine equation, 
namely, x* — y* = z*. The proof of its insolubility parallels that of Theorem 12.3, 
but we give a slight variation in the method of infinite descent. 


256 


ELEMENTARY NUMBER THEORY 


Theorem 12.4 Fermat. The Diophantine equation x* — y* = z? has no solution in 
positive integers x, y, Z. 


Proof. The proof proceeds by contradiction. Let us assume that the equation admits 
a solution in the positive integers and among these solutions xo, yo, Zo is one with 
a least value of x; in particular, this supposition forces x9 to be odd. (Why?) Were 
gcd(xo, yo) =d > 1, then putting x9 = dx), yo = dyi, we would have d*(x} — y/) = 
Za, whence d? | zo or zo = d7z, for some z; > 0. It follows that x, y;, z; provides a 
solution to the equation under consideration with 0 < x; < x9, which is an impossible 
situation. Thus, we are free to assume a solution X9, yo, Zo in which gcd(xo, yo) = 1. 
The ensuing argument falls into two stages, depending on whether yo is odd or even. 

First, consider the case of an odd integer yo. If the equation xj — yj = z@ is 
written in the form Za + (ye i (x6 2, we see that Zo, Ves Xf constitute a primitive 
Pythagorean triple. Theorem 12.1 asserts the existence of relatively prime integers 
s >t > 0 for which 


Zo = 2st 
ye = s*—2? 
cas ae 


Thus, it appears that 
eres saat (s? + t?)(s” — i) a x59 = (xoyo)” 


making s, t, Xo yo a (positive) solution to the equation x* — y* = z?. Because 


O<s <vVs2+12 = xp 


we arrive at a contradiction to the minimal nature of xp. 
For the second part of the proof, assume that yo is an even integer. Using the 
formulas for primitive Pythagorean triples, we now write 


Vo = 2st 
Zp = s* — tt? 
seen ae al 


where s may be taken to be even and ¢ to be odd. Then, in the relation ye = 2st, we have 
gcd(2s, t) = 1. The now-customary application of Lemma 2 tells us that 2s and ¢ are 
each squares of positive integers; say, 2s = w*, t = v*. Because w must of necessity 
be an even integer, set w = 2u to get s = 2u”. Therefore, 


xgaerth? =4ui +4 


and so 2u?, v”, xo forms a primitive Pythagorean triple. Falling back on Theorem 12.1 
again, there exist integers a > b > 0 for which 


2u? = 2ab 
gree 
xp =a’ +b? 
where gcd(a, b) = 1. The equality u? = ab ensures that a and b are perfect squares, 


so that a = c* and b = d?. Knowing this, the rest of the proof is easy; for, upon 
substituting, 


v=a—-b=c'-d 
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The result is a new solution c, d, v of the given equation x* — y* = 2? and what is 
more, a solution in which 


0<cH=VJVa<@+b=x 


contrary to our assumption regarding Xo. 
The only resolution of these contradictions is that the equation x+ — y* = z? 
cannot be satisfied in the positive integers. 


In the margin of his copy of Diophantus’s Arithmetica, Fermat states and proves 
the following: the area of a right triangle with rational sides cannot be the square of a 
rational number. Clearing of fractions, this reduces to a theorem about Pythagorean 
triangles, to wit, Theorem 12.5. 


Theorem 12.5. The area of a Pythagorean triangle can never be equal to a perfect 
(integral) square. 


Proof. Consider a Pythagorean triangle whose hypotenuse has length z and other two 
sides have lengths x and y, so that x* + y* = z*. The area of the triangle in question 
is 5xy, and if this were a square, say u?, it would follow that 2xy = 4u?. By adding 
and subtracting the last-written equation from x? + y? = 2”, we are led to 


(x + y)? = z7 + 4y? and (x — yy’ = z7 — 4y? 


When these last two equations are multiplied together, the outcome is that two fourth 
powers have as their difference a square: 


(Pa y?l =z — 16u* =o? — Ou) 


Because this amounts to an infringement on Theorem 12.4, there can be no Pythagorean 
triangle whose area is a square. 


There are a number of simple problems pertaining to Pythagorean triangles that 
still await solution. The corollary to Theorem 12.3 may be expressed by saying that 
there exists no Pythagorean triangle all the sides of which are squares. However, 
it is not difficult to produce Pythagorean triangles whose sides, if increased by 1, 
are squares; for instance, the triangles associated with the triples 13* — 1, 10? — 1, 
142 — 1, and 287” — 1, 265? — 1, 3297 — 1. An obvious—and as yet unanswered— 
question is whether there are an infinite number of such triangles. We can find 
Pythagorean triangles each side of which is a triangular number. [By a triangular 
number, we mean an integer of the form ft, = n(n + 1)/2.] An example of such 
is the triangle corresponding to 1132, f143, ti64. It is not known if infinitely many 
Pythagorean triangles of this type exist. 

As aclosing comment, we should observe that all the effort expended on attempt- 
ing to prove Fermat’s conjecture has been far from wasted. The new mathematics 
that was developed as a by-product laid the foundations for algebraic number theory 
and the ideal theory of modern abstract algebra. It seems fair to say that the value of 
these far exceeds that of the conjecture itself. 

Another challenge to number theorists, somewhat akin to Fermat’s conjecture, 
concerns the Catalan equation. Consider for the moment the squares and cubes of 
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positive integers in increasing order: 
1, 4, 8, 9, 16, 25, 27, 36, 49, 64, 81, 100, ... 


We notice that 8 and 9 are consecutive integers in this sequence. The medieval 
astronomer Levi ben Gershon (1288-1344) proved that there are no other consecutive 
powers of 2 and 3; to put it another way, he showed that if 3” — 2” = +1, with 
m > 1 andn > 1, then m = 2 and n = 3. In 1738, Euler, using Fermat’s method 
of infinite descent, dealt with the equation x* — y* = +1, proving that x = 2 and 
y = 3. Catalan himself contributed little more to the consecutive-power problem 
than the assertion (1844) that the only solution of the equation x” — y” = 1 in 
integers x, y, m,n, all greater than 1,ism = y = 2,n = x = 3. This statement, now 
known as Catalan’s conjecture, was proved, in 2002. 

Over the years, the Catalan equation x” — y” = 1 had been shown to be impos- 
sible of solution for special values of m and n. For example in 1850, V. A. Lebesgue 
proved that x” — y* = 1 admits no solution in the positive integers for m 4 3; but, 
it remained until 1964 to show that the more difficult equation x? — y” = 1 is not 
solvable for n 4 3. The cases x? — y” = 1 and x” — y>? = 1, withm 2, were suc- 
cessfully resolved in 1921. The most striking result, obtained by R. Tijdeman in 
1976, is that x” — y” = 1 has only a finite number of solutions, all of which are 
smaller than some computable constant C > 0; that is, x”, y” < C. 

Suppose that Catalan’s equation did have a solution other than 3* — 2? = 1. 
If p and q are primes dividing m and n respectively, then x”/? and y"/7 would 
provide a solution to the equation vu? — v? = 1. What needed to be shown was that 
this equation was not solvable in integers u, v > 2 and distinct primes p, gq > 5. One 
approach called for obtaining explicit bounds on the possible size of the exponents. A 
series of investigations continually sharpened the restrictions until by the year 2000 
it was known that 3 - 108 < p < (7.15)10!! and 3.108 < g < (7.75)10!°. Thus, the 
Catalan conjecture could in principle be settled by exhaustive computer calculations; 
but until the upper bound was lowered, this would take a long time. 

In 2000, Preda Mihailescu proved that for a Catalan solution to exist, p and q 
must satisfy the simultaneous congruences 


p?-! = 1(modg?) and gq?! = 1(mod p’) 


These are known as double Wieferich primes, after Arthur Wieferich, who inves- 
tigated (1909) the congruence 2?~! = 1 (mod p?). Such pairs of primes are rare, 
with only six pairs having been identified so far. Furthermore, as each of these 12 
primes is less than 3 - 108, none satisfied the known restrictions. Taking advantage 
of his results on Wieferich primes, Mihailescu continued to work on the problem. He 
finally settled the famous question early in the following year: the only consecutive 
powers are 8 and 9. 
One interesting consequence of these results is that no Fermat number F, = 
27" + 1 can be a power of another integer, the exponent being greater than 1. For if 
n= a™,withm > 2, thena” — (2° = 1, which would imply that the equation 
x™ — y? = | has a solution. 
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PROBLEMS 12.2 


1. 


Show that the equation x? + y? = z? has infinitely many solutions for x, y, z positive 
integers. 
[Hint: For any n > 2, let x = n(n? — 3) and y = 3n* — 1.] 


. Prove the theorem: The only solutions in nonnegative integers of the equation x7 + 2y? = 


2’, with gcd(x, y, z) = 1, are given by 
x = +(2s* — 7) y = 2st 2S 2s +r 


where s, ¢ are arbitrary nonnegative integers. 
[Hint: If u, v, w are such that y = 2w, z+x = 2u, z —x = 2v, then the equation 
becomes 2w? = uv.] 


. Ina Pythagorean triple x, y, z, prove that not more than one of x, y, or z can be a perfect 


square. 


. Prove each of the following assertions: 


(a) The system of simultaneous equations 


ep yas Hl and x —y=w-1 


has infinitely many solutions in positive integers x, y, z, w. 
[Hint: For any integer n > 1, take x = 2n? and y = 2n.] 
(b) The system of simultaneous equations 


rty=2? and x“-—y 


I 
= 


admits no solution in positive integers x, y, Z, w. 
(c) The system of simultaneous equations 


vrty=2774+1 and v—y=w*4+1 
has infinitely many solutions in positive integers x, y, z, w. 
[Hint: For any integer n > 1, take x = 8n* + 1 and y = 8n? |] 


Use Problem 4 to establish that there is no solution in positive integers of the simultaneous 
equations 


ey SZ and x? 4+ 2y? = w? 


[Hint: Any solution of the given system also satisfies z* + y* = w? and z? — y* = x?.] 


. Show that there is no solution in positive integers of the simultaneous equations 


P4rya?? aad ee are 

hence, there exists no Pythagorean triangle whose hypotenuse and one of whose sides 
form the sides of another Pythagorean triangle. 

[Hint: Any solution of the given system also satisfies x* + (wy)* = z4.] 


. Prove that the equation x — y+ = 2z7 has no solutions in positive integers x, y, z. 


[Hint: Because x, y must be both odd or both even, x” + y? = 2a”, x +. y = 2b?, 
x-y= 2c* for some a, b, c; hence, a2 = b* + c*.] 


. Verify that the only solution in relatively prime positive integers of the equation x* + y* = 


227 isx=y=z=l1. 
[Hint: Any solution of the given equation also satisfies the equation 


4 .4\2 
A ayyt= (7 *) J] 


2 
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4 _ 4y4 = 2* has no solution in positive integers 


9. Prove that the Diophantine equation x 

bs Per 
[Hint: Rewrite the given equation as (2y”)? + z* = (x?)? and appeal to Theorem 12.1.] 

10. Use Problem 9 to prove that there exists no Pythagorean triangle whose area is twice a 
perfect square. 
[Hint: Assume to the contrary that x? + y* = z? and $xy = 2w”. Then (x+y)? = 
z? + 8w?, and (x — y)* = z* — 8w”. This leads to z* — 4(2w)* = (x? — y*)?.] 

11. Prove the theorem: The only solutions in positive integers of the equation 


1 1 1 
ed mene gcd(x, y> z= 1 


are given by 
= Qst(s? + t?) 2. Cee ee Qst(s? — t?) 


where s, ¢ are relatively prime positive integers, one of which is even, with s > f. 
12. Show that the equation 1/x* + 1/y* = 1/z* has no solution in positive integers. 


CHAPTER 


REPRESENTATION OF INTEGERS 
AS SUMS OF SQUARES 


The object of pure Physic is the unfolding of the laws of the intelligible world; 
the object of pure Mathematic that of unfolding the laws of human intelligence. 
J. J. SYLVESTER 


13.1 JOSEPH LOUIS LAGRANGE 


After the deaths of Descartes, Pascal, and Fermat, no French mathematician of 
comparable stature appeared for over a century. In England, meanwhile, mathematics 
was being pursued with restless zeal, first by Newton, then by Taylor, Stirling, and 
Maclaurin, while Leibniz came upon the scene in Germany. Mathematical activity 
in Switzerland was marked by the work of the Bernoullis and Euler. Toward the end 
of the 18th century, Paris did again become the center of mathematical studies, as 
Lagrange, Laplace, and Legendre brought fresh glory to France. 

An Italian by birth, German by adoption, and Frenchman by choice, Joseph 
Louis Lagrange (1736-1813) was, next to Euler, the foremost mathematician of the 
18th century. When he entered the University of Turin, his great interest was in 
physics, but, after chancing to read a tract by Halley on the merits of Newtonian 
calculus, he became excited about the new mathematics that was transforming celes- 
tial mechanics. He applied himself with such energy to mathematical studies that he 
was appointed, at the age of 18, professor of geometry at the Royal Artillery School 
in Turin. The French Academy of Sciences soon became accustomed to including 
Lagrange among the competitors for its biennial prizes: between 1764 and 1788, he 
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Joseph Louis Lagrange 
(1736-1813) 


(Dover Publications, Inc.) 


won five of the coveted prizes for his applications of mathematics to problems in 
astronomy. 

In 1766, when Euler left Berlin for St. Petersburg, Frederick the Great arranged 
for Lagrange to fill the vacated post, accompanying his invitation with a modest 
message that said, “It is necessary that the greatest geometer of Europe should 
live near the greatest of Kings.” (To D’Alembert, who had suggested Lagrange’s 
name, the King wrote, “To your care and recommendation am I indebted for having 
replaced a half-blind mathematician with a mathematician with both eyes, which will 
especially please the anatomical members of my academy.”) For the next 20 years, 
Lagrange served as director of the mathematics section of the Berlin Academy, 
producing work of high distinction that culminated in his monumental treatise, the 
Mécanique Analytique (published in 1788 in four volumes). In this work he unified 
general mechanics and made of it, as the mathematician Hamilton was later to 
say, “a kind of scientific poem.” Holding that mechanics was really a branch of pure 
mathematics, Lagrange so completely banished geometric ideas from the Mécanique 
Analytique that he could boast in the preface that not a single diagram appeared in 
its pages. 

Frederick the Great died in 1786, and Lagrange, no longer finding a sympathetic 
atmosphere at the Prussian court, decided to accept the invitation of Louis XVI to 
settle in Paris, where he took French citizenship. But the years of constant activity 
had taken their toll: Lagrange fell into a deep mental depression that destroyed his 
interest in mathematics. So profound was his loathing for the subject that the first 
printed copy of the Mécanique Analytique—the work of a quarter century—lay 
unexamined on his desk for more than two years. Strange to say, it was the turmoil 
of the French Revolution that helped to awaken him from his lethargy. Following 
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the abolition of all the old French universities (the Academy of Sciences was also 
suppressed) in 1793, the revolutionists created two new schools, with the humble 
titles of Ecole Normale and Ecole Polytechnique, and Lagrange was invited to lecture 
on analysis. Although he had not lectured since his early days in Turin, having 
been under royal patronage in the interim, he seemed to welcome the appointment. 
Subject to constant surveillance, the instructors were pledged “neither to read nor 
repeat from memory” and transcripts of their lectures as delivered were inspected 
by the authorities. Despite the petty harassments, Lagrange gained a reputation as 
an inspiring teacher. His lecture notes on differential calculus formed the basis of 
another classic in mathematics, the Théorie des Fonctions Analytique (1797). 

Although Lagrange’s research covered an extraordinarily wide spectrum, he 
possessed, much like Diophantus and Fermat before him, a special talent for the 
theory of numbers. His work here included: the first proof of Wilson’s theorem that 
ifn is a prime, then (n — 1)! = —1 (mod _n); the investigation of the conditions under 
which +2 and +5 are quadratic residues or nonresidues of an odd prime (—1 and 
+3 having been discussed by Euler); finding all integral solutions of the equation 
x* — ay” = 1; and the solution of a number of problems posed by Fermat to the 
effect that certain primes can be represented in particular ways (typical of these is 
the result that asserts that every prime p = 3 (mod 8) is of the form p = a* + 2b”). 
This chapter focuses on the discovery for which Lagrange has acquired his greatest 
renown in number theory, the proof that every positive integer can be expressed as 
the sum of four squares. 


13.2 SUMS OF TWO SQUARES 


Historically, a problem that has received a good deal of attention has been that of 
representing numbers as sums of squares. In the present chapter, we develop enough 
material to settle completely the following question: What is the smallest value n 
such that every positive integer can be written as the sum of not more than n squares? 
Upon examining the first few positive integers, we find that 


1=17 
2=17+4+1? 
3=174+174+1? 
4=?2? 
5=27+1? 


6S 22 lee 
Ne ae a eae eae 


Because four squares are needed in the representation of 7, a partial answer to 
our question is that n > 4. Needless to say, there remains the possibility that some 
integers might require more than four squares. A justly famous theorem of Lagrange, 
proved in 1770, asserts that four squares are sufficient; that is, every positive integer 
is realizable as the sum of four squared integers, some of which may be 0 = 07. This 
is our Theorem 13.7. 
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To begin with simpler things, we first find necessary and sufficient conditions 
that a positive integer be representable as the sum of two squares. The problem may 
be reduced to the consideration of primes by the following lemma. 


Lemma. If m and n are each the sum of two squares, then so is their product mn. 


Proof. If m = a? + b? andn = c? + d?* for integers a, b, c, d, then 
mn = (a? + b*)(c? + d*) = (ac + bd) + (ad — bey 
It is clear that not every prime can be written as the sum of two squares; for 


instance, 3 = a* + b* has no solution for integral a and b. More generally, one can 
prove Theorem 13.1. 


Theorem 13.1. No prime p of the form 4k + 3 is a sum of two squares. 
Proof. Modulo 4, we have a = 0, 1, 2, or 3 for any integer a; consequently, a? =0Oor 
1 (mod 4). It follows that, for arbitrary integers a and b, 
a’ +b* = 0, 1, or 2 (mod 4) 
Because p = 3 (mod 4), the equation p = a* + b* is impossible. 
On the other hand, any prime that is congruent to 1 modulo 4 is expressible as 
the sum of two squared integers. The proof, in the form we shall give it, employs a 


theorem on congruences due to the Norwegian mathematician Axel Thue. This, in 
its turn, relies on Dirichlet’s famous pigeonhole principle. 


Pigeonhole principle. If n objects are placed in m pigeonholes and if n > m, then 
some pigeonhole will contain at least two objects. 


Phrased in more mathematical terms, this simple principle asserts that if a set 
with n elements is the union of m of its subsets and if m > m, then some subset has 
more than one element. 

Lemma (Thue). Let p be a prime and let gcd(a, p) = 1. Then the congruence 
ax = y (mod p) 


admits a solution x9, yo, where 


0 < |xo| < /p and 0 < |yo| < /p 


Proof. Let k = [./p] + 1, and consider the set of integers 
S={ax—y\lO<x<k-1,0<y<k-Jl} 


Because ax — y takes on k* > p possible values, the pigeonhole principle guarantees 
that at least two members of S must be congruent modulo p; call them ax; — y; and 
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ax2 — y2, where x; # X2 Or yy # y2. Then we can write 

a(x; — X2) = y1 — y2 (mod p) 
Setting x9 = x; — X2 and yo = yj — yo, it follows that xp and yo provide a solution 
to the congruence ax = y (mod p). If either x9 or yo is equal to zero, then the fact 


that gcd(a, p) = 1 can be used to show that the other must also be zero, contrary to 
assumption. Hence, 0 < |xo| < k — 1 < ./pand0 < |yo| <k —1 < \/p. 


We are now ready to derive the theorem of Fermat that every prime of the form 
4k + 1 can be expressed as the sum of squares of two integers. (In terms of priority, 
Albert Girard recognized this fact several years earlier and the result is sometimes 
referred to as Girard’s theorem.) Fermat communicated his theorem in a letter to 
Mersenne, dated December 25, 1640, stating that he possessed an irrefutable proof. 
However, the first published proof was given by Euler in 1754, who in addition 
succeeded in showing that the representation is unique. 


Theorem 13.2 Fermat. An odd prime p is expressible as a sum of two squares if 
and only if p = 1 (mod 4). 


Proof. Although the “only if” part is covered by Theorem 13.1, let us give a differ- 
ent proof here. Suppose that p can be written as the sum of two squares, let us say 
p =a’ +b’. Because p is a prime, we have p { a and p J b. (If p|a, then p |b’, 
and so p | b, leading to the contradiction that p* | p.) Thus, by the theory of linear con- 
gruences, there exists an integer c for which bc = 1 (mod p). Modulo p, the relation 
(ac)? + (bc) = pc? becomes 


(acy = —1 (mod p) 


making —1 a quadratic residue of p. At this point, the corollary to Theorem 9.2 comes 
to our aid, for (—1/p) = 1 only when p = 1 (mod 4). 

For the converse, assume that p = 1 (mod 4). Because —1 is a quadratic residue 
of p, we can find an integer a satisfying a* = —1 (mod p); in fact, by Theorem 5.4, 
a = [(p — 1)/2]! is one such integer. Now gcd(a, p) = 1, so that the congruence 


ax = y (mod p) 
admits a solution x9, yo for which the conclusion of Thue’s lemma holds. As a result, 
—x5 = a°x¢ = (axo)” = yp (mod p) 
or ie ol 5 = 0 (mod p). This says that 
xi tye =kp 


for some integer k > 1. Inasmuch as 0 < |xo| < ./p and 0 < |yo| < ./p, we obtain 
O0< ah OF ye < 2p, the implication of whichis thatk = 1. Consequently, a a ye =p, 
and we are finished. 


Counting a” and (—a)? as the same, we have the following corollary. 


Corollary. Any prime p of the form 4k + 1 can be represented uniquely (aside from 
the order of the summands) as a sum of two squares. 


266 


ELEMENTARY NUMBER THEORY 


Proof. To establish the uniqueness assertion, suppose that 
pHPt+eP=e4+a 
where a, b, c, d are all positive integers. Then 
ad” — b*c* = p(d* — b”) = 0 (mod p) 


whence ad = bc (mod p) or ad = —bc (mod p). Because a, b, c, d are all less than 
,/ Pp, these relations imply that 


ad—bc=0 or ad+bc= p 
If the second equality holds, then we would have ac = bd; for, 
p* =(a* + b*)(c? + d?) = (ad + bc)? + (ac — bd)?* 
= p? + (ac — bdyY 
and so ac — bd = 0. It follows that either 
ad = bc or ac = bd 


Suppose, for instance, that ad = bc. Then a|bc, with gcd(a, b) = 1, which forces 
a|,c; say, c = ka. The condition ad = bc = b(ka) then reduces to d = bk. But 


p=O+d =h (a? +d’) 


implies that k = 1. In this case, we get a = c and b = d. By a similar argument, the 
condition ac = bd leads toa = d and b = c. What is important is that, in either event, 
our two representations of the prime p turn out to be identical. 


Let us follow the steps in Theorem 13.2, using the prime p = 13. One choice 


for the integer a is 6! = 720. A solution of the congruence 720x = y (mod 13), or 
rather, 


5x = y (mod 13) 


is obtained by considering the set 


S={5x-—y|0<x,y <4} 


The elements of S are just the integers 


0: 35> 10° 15 
=]. 4 9 14 
S263 8. 19 
Sieve. aie ee 


which, modulo 13, become 


11 
10 


— 
N 

YN wp MN 
\o 
— 


if Fold: 
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Among the various possibilities, we have 


or 


5-1—-3=2=5-3-—0(mod 13) 


5(1 — 3) = 3 (mod 13) 


Thus, we may take x9 = —2 and yo = 3 to obtain 


13 =x+y=274+3° 
Remark. Some authors would claim that any prime p = 1 (mod 4) can be written as 
a sum of squares in eight ways. For with p = 13, we have 
13 = 2? +38 = 2? + (—3P = (2) + 3? = (-2)° + (-3° 
= 3742? = 3? + (—2) = (—3)? +2? = (-3P + (-29 
Because all eight representations can be obtained from any one of them by interchang- 
ing the signs of 2 and 3 or by interchanging the summands, there is “essentially” only 


one way of doing this. Thus, from our point of view, 13 is uniquely representable as 
the sum of two squares. 


We have shown that every prime p such that p = 1 (mod 4) is expressible as 


the sum of two squares. But other integers also enjoy this property; for instance, 


10 = 174+ 37 


The next step in our program is to characterize explicitly those positive integers that 
can be realized as the sum of two squares. 


Theorem 13.3. Let the positive integer n be written as n = N*m, where m is square- 
free. Then n can be represented as the sum of two squares if and only if m contains no 
prime factor of the form 4k + 3. 


Proof. To start, suppose that m has no prime factor of the form 4k + 3. Ifm = 1 then 
n = N* + 0°, and we are through. In the case in which m > 1, letm = p,p2--: py be 
the factorization of m into a product of distinct primes. Each of these primes p;, being 
equal to 2 or of the form 4k + 1, can be written as the sum of two squares. Now, the 
identity 


(a* + b*)(c? +d?) = (ac + bd) + (ad — bey 


shows that the product of two (and, by induction, any finite number) integers, each 
of which is representable as a sum of two squares, is likewise so representable. Thus, 
there exist integers x and y satisfying m = x* + y”. We end up with 


n= N?m = N*(x* + y*) = (Nx) + (Ny? 


a sum of two squares. 
Now for the opposite direction. Assume that n can be represented as the sum of 
two squares 


n=a*+b*=N’m 
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and let p be any odd prime divisor of m (without loss of generality, it may be assumed 
that m > 1). If d = gcd(a, b), thena = rd, b = sd, where gcd(r, s) = 1. We get 


d?(r? + s”) = N’m 


and so, m being square-free, d* | N?. But then 


for some integer t, which leads to 
Pr +s =0 (mod p) 


Now the condition gcd(r, s) = 1 implies that one of r or s, say r, is relatively prime 
to p. Let r’ satisfy the congruence 


rr’ = 1 (mod p) 
When the equation r? + s* = 0 (mod p) is multiplied by (r’)”, we obtain 
(sr’)? + 1 =0 (mod p) 


or, to put it differently, (—1/p) = 1. Because —1 is a quadratic residue of p, Theorem 
9.2 ensures that p = 1 (mod 4). The implication of our reasoning is that there is no 
prime of the form 4k + 3 that divides m. 


The following is a corollary to the preceding analysis. 


Corollary. A positive integer n is representable as the sum of two squares if and only 
if each of its prime factors of the form 4k + 3 occurs to an even power. 


Example 13.1. The integer 459 cannot be written as the sum of two squares, because 
459 = 33-17, with the prime 3 occurring to an odd exponent. On the other hand, 
153 = 3* - 17 admits the representation 


153 = 3°(4* + 1°) = 12? + 3? 
Somewhat more complicated is the example n = 5 - 7* - 13 - 17. In this case, we have 
n=7-5-13-17=7 (2? + 12)? + 22)(47 + 1”) 
Two applications of the identity appearing in Theorem 13.3 give 
(3* + 2?(4? + 17) = (12 + 2? + 3 — 8)* = 147 + 8 
and 
(27 + 17)(14? + 5?) = (28 + 5)? + (10 — 14)? = 337 + 4? 
When these are combined, we end up with 


n = 7332 + 4”) = 2317 + 287 


There exist certain positive integers (obviously, not primes of the form 4k + 1) 


that can be represented in more than one way as the sum of two squares. The 
smallest is 


Da 37 = 5707 
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If a = b (mod 2), then the relation 


o=(3*) -(3) 


allows us to manufacture a variety of such examples. Take n = 153 as an illustration; 


here, 
17. £9\" 17 =9\7 
153 =17-9= a — (——_} =13?- # 
2 y) 
and 
a 3? ¥ST 8" 
SF ost Ge (OT) af 22) oy 
2 2 
so that 


13* — 4? = 27? — 24? 
This yields the two distinct representations 
27° + 4° = 247 + 137 = 745 
At this stage, a natural question should suggest itself: What positive integers 


admit a representation as the difference of two squares? We answer this below. 


Theorem 13.4. A positive integer n can be represented as the difference of two squares 
if and only if n is not of the form 4k + 2. 
Proof. Because a? =0orl (mod 4) for all integers a, it follows that 

a’ — b? = 0, 1, or 3 (mod 4) 


Thus, if n = 2 (mod 4), we cannot have n = a” — b* for any choice of a and b. 

Turning affairs around, suppose that the integer n is not of the form 4k + 2; that 
is to say, n = 0, 1, or 3 (mod 4). If n = 1 or 3 (mod 4), then + 1 andn — 1 are both 
even integers; hence, n can be written as 


4 AY? oe 
c= — 
2 2 
a difference of squares. If n = 0 (mod 4), then we have 
n > n 2 
= (541) -G-) 
‘ a a 4 


Corollary. An odd prime is the difference of two successive squares. 


Examples of this last corollary are afforded by 
MS6=5% 17] 8? 29=157 -— 147 
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Another point worth mentioning is that the representation of a given prime p as 
the difference of two squares is unique. To see this, suppose that 
p=a’ —b* =(a—b)(a+b) 
where a > b > 0. Because 1 and p are the only factors of p, necessarily we have 
a—b=1 and at+b=p 
from which it may be inferred that 


1 
a= Pa and b = —— 
2 2 
Thus, any odd prime p can be written as the difference of the squares of two integers 


in precisely one way; namely, as 


(C2) -(9 


A different situation occurs when we pass from primes to arbitrary integers. 
Suppose that n is a positive integer that is neither prime nor of the form 4k + 2. 
Starting with a divisor d of n, put d’ = n/d (it is harmless to assume that d > d’). 
Now, if d and d’ are both even, or both odd, then (d + d’)/2 and (d — d’)2 are 
integers. Furthermore, we may write 


Seppe end \ aad 
eee ae 2 


By way of illustration, consider the integer n = 24. Here, 


129\ {R= 7\2 
24 = 12.2=( 7 ) -(7>) =7-5 


and 


6+44)\2 ye: 
2 2 


giving us two representations for 24 as the difference of squares. 


PROBLEMS 13.2 


1. Represent each of the primes 113, 229, and 373 as a sum of two squares. 
2. (a) It has been conjectured that there exist infinitely many prime numbers p such that 
p =n* +(n+ 1) for some positive integer n; for example, 5 = 17 + 27 and 13 = 
2? + 3. Find five more of these primes. 
(b) Another conjecture is that there are infinitely many prime numbers p of the form 
p= eae where pj; is a prime. Find five such primes. 
3. Establish each of the following assertions: 
(a) Each of the integers 2”, where n = 1, 2, 3,..., is asum of two squares. 
(b) Ifn = 3 or 6 (mod 9), then n cannot be represented as a sum of two squares. 
(c) If n is the sum of two triangular numbers, then 4n + 1 is the sum of two squares. 


10. 


11. 


12. 


13. 


14. 
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(d) Every Fermat number F,, = 22” + 1, where n > 1, can be expressed as the sum of 
two squares. 

(e) Every odd perfect number (if one exists) is the sum of two squares. 
[Hint: See the Corollary to Theorem 11.7.] 


. Prove that a prime p can be written as a sum of two squares if and only if the congruence 


x* + 1 = 0 (mod p) admits a solution. 


. (a) Show that a positive integer n is a sum of two squares if and only if n = 2”a7b, 


where m > 0, a is an odd integer, and every prime divisor of b is of the form 
4k +1. 

(b) Write each of the integers 3185 = 5-7? - 13; 39690 = 2- 34-5- 7°; and 62920 = 
2? .5-11%- 13 as a sum of two squares. 


. Find a positive integer having at least three different representations as the sum of two 


squares, disregarding signs and the order of the summands. 
[Hint: Choose an integer that has three distinct prime factors, each of the form 4k + 1.] 


. If the positive integer is not the sum of squares of two integers, show that n cannot be 


represented as the sum of two squares of rational numbers. 

[Hint: By Theorem 13.3, there is a prime p = 3 (mod 4) and an odd integer k such that 
p* |n, whereas p*t! J n. If n = (a/b)* + (c/d)’, then p will occur to an odd power 
on the left-hand side of the equation n(bd)* = (ad)* + (bc)*, but not on the right-hand 
side. | 


. Prove that the positive integer n has as many representations as the sum of two squares 


as does the integer 2n. 
[Hint: Starting with a representation of n as a sum of two squares obtain a similar 
representation for 21, and conversely. ] 


. (a) If n is a triangular number, show that each of the three successive integers 877, 


8n* + 1, 8n* + 2 can be written as a sum of two squares. 

(b) Prove that of any four consecutive integers, at least one is not representable as a sum 
of two squares. 

Prove the following: 

(a) If a prime number is the sum of two or four squares of different primes, then one of 
these primes must be equal to 2. 

(b) If a prime number is the sum of three squares of different primes, then one of these 
primes must be equal to 3. 

(a) Let p be an odd prime. If p|a” + b*, where gcd(a, b) = 1, prove that the prime 
p = 1 (mod 4). 
[Hint: Raise the congruence a” = —b* (mod p) to the power (p — 1)/2 and apply 
Fermat’s theorem to conclude that (—1)?~?/? = 1.] 

(b) Use part (a) to show that any positive divisor of a sum of two relatively prime squares 
is itself a sum of two squares. 

Establish that every prime number p of the form 8k + 1 or 8k + 3 can be written as 

p =a’ + 2b? for some choice of integers a and b. 

[Hint: Mimic the proof of Theorem 13.2.] 

Prove the following: 

(a) A positive integer is representable as the difference of two squares if and only if it is 
the product of two factors that are both even or both odd. 

(b) A positive even integer can be written as the difference of two squares if and only if 
it is divisible by 4. 

Verify that 45 is the smallest positive integer admitting three distinct representations as 

the difference of two squares. 

[Hint: See part (a) of the previous problem.] 
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15. For any n > 0, show that there exists a positive integer that can be expressed in n distinct 
ways as the difference of two squares. 
[Hint: Note that, fork = 1,2,...,n, 

gant = (Qa ue 9 eS —_ (Qk = Dee | 

16. Prove that every prime p = 1 (mod 4) divides the sum of two relatively prime squares, 
where each square exceeds 3. 
[Hint: Given an odd primitive root r of p, we have r* = 2 (mod p) for some k; hence 
pelkt(p-1)/4] = 4 (mod p).] 

17. For a prime p = 1 or 3 (mod 8), show that the equation x? + 2y” = p has a solution. 

18. The English number theorist G. H. Hardy relates the following story about his young 
protégé Ramanujan: “I remember going to see him once when he was lying ill in Putney. 
I had ridden in taxi-cab No. 1729, and remarked that the number seemed to me rather a 
dull one, and that I hoped it was not an unfavorable omen. ‘No,’ he reflected, ‘it is a very 
interesting number; it is the smallest number expressible as the sum of two cubes in two 
different ways.” Verify Ramanujan’s assertion. 


13.3 SUMS OF MORE THAN TWO SQUARES 


Although not every positive integer can be written as the sum of two squares, what 
about their representation in terms of three squares (0? still permitted)? With an 
extra square to add, it seems reasonable that there should be fewer exceptions. For 
instance, when only two squares are allowed, we have no representation for such 
integers as 14, 33, and 67, but 


14=374774 12 33 = 57427472? 67 =7 +374 37 


It is still possible to find integers that are not expressible as the sum of three squares. 
Theorem 13.5 speaks to this point. 


Theorem 13.5. No positive integer of the form 4"(8m + 7) can be represented as the 
sum of three squares. 


Proof. To start, let us show that the integer 8m + 7 is not expressible as the sum of 
three squares. For any integer a, we have a” = 0, 1, or 4 (mod 8). It follows that 


a? + b* +c* =0, 1,2, 3,4, 5, or 6 (mod 8) 
for any choice of integers a, b, c. Because we have 8m + 7 = 7 (mod 8), the equation 
a? + b? +c? = 8m +7 is impossible. 
Next, let us suppose that 4”(8m + 7), where n > 1, can be written as 
4"(8m +7) =a? +b*% 4c? 
Then each of the integers a, b,c must be even. Puttinga = 2a,,b = 2b,c = 2c), we get 
4""(8m +7) =ar +b} +c} 


If n — 1 > 1, the argument may be repeated until 8m + 7 is eventually represented 
as the sum of three squared integers; this, of course, contradicts the result of the first 
paragraph. 


We can prove that the condition of Theorem 13.5 is also sufficient in order that 
a positive integer be realizable as the sum of three squares; however, the argument 
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is much too difficult for inclusion here. Part of the trouble is that, unlike the case of 
two (or even four) squares, there is no algebraic identity that expresses the product 
of sums of three squares as a sum of three squares. 

With this trace of ignorance left showing, let us make a few historical remarks. 
Diophantus conjectured, in effect, that no number of the form 8m + 7 is the sum 
of three squares, a fact easily verified by Descartes in 1638. It seems fair to credit 
Fermat with being the first to state in full the criterion that a number can be written 
as a sum of three squared integers if and only if it is not of the form 4”"(8m + 7), 
where m and n are nonnegative integers. This was proved in a complicated manner 
by Legendre in 1798 and more clearly (but by no means easily) by Gauss in 1801. 

As just indicated, there exist positive integers that are not representable as the 
sum of either two or three squares (take 7 and 15, for simple examples). Things 
change dramatically when we turn to four squares: there are no exceptions at all! 

The first explicit reference to the fact that every positive integer can be written as 
the sum of four squares, counting 07, was made by Bachet (in 1621) and he checked 
this conjecture for all integers up to 325. Fifteen years later, Fermat claimed that 
he had a proof using his favorite method of infinite descent. However, as usual, he 
gave no details. Both Bachet and Fermat felt that Diophantus must have known the 
result; the evidence is entirely conjectural: Diophantus gave necessary conditions in 
order that a number be the sum of two or three squares, while making no mention 
of a condition for a representation as a sum of four squares. 

One measure of the difficulty of the problem is the fact that Euler, despite his 
brilliant achievements, wrestled with it for more than 40 years without success. 
Nonetheless, his contribution toward the eventual solution was substantial; Euler 
discovered the fundamental identity that allows one to express the product of two 
sums of four squares as such a sum, and the crucial result that the congruence 
x? + y*+1=0 (mod p) is solvable for any prime p. A complete proof of the 
four-square conjecture was published by Lagrange in 1772, who acknowledged his 
indebtedness to the ideas of Euler. The next year, Euler offered a much simpler 
demonstration, which is essentially the version to be presented here. 

It is convenient to establish two preparatory lemmas, so as not to interrupt the 
main argument at an awkward stage. The proof of the first contains the algebraic 
identity (Euler’s identity) that allows us to reduce the four-square problem to the 
consideration of prime numbers only. 


Lemmal_ Euler. If the integers m and n are each the sum of four squares, then mn 
is likewise so representable. 


Proof. If m = aj + a5 +a} + aj andn = bi + b5 + bf + bj for integers a;, b;, then 


mn = (aj + a3 + a} + at) (by + b5 + dF + bf) 
= (ajby + azb2 + a3b3 + agby)* 
+ (ayb2 — anb + a3b4 — a4b3)* 
+ (ayb3 — anby — a3b; + agbr)’ 
+ (ayb4 + a2b3 — a3b2 — aby)" 
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We confirm this cumbersome identity by brute force: Just multiply everything out and 
compare terms. The details are not suitable for the printed page. 


Another basic ingredient in our development is Lemma 2. 


Lemma 2. If p is an odd prime, then the congruence 
x? + y? + 1 =0 (mod p) 
has a solution xo, yo where 0 < xp < (p — 1)/2 and 0 < yo < (p — 1)/2. 


Proof. The idea of the proof is to consider the following two sets: 


24 \% 
= [rere Pree. (254) 


—1\2 
Re {= 12 nn (2) 
2 


No two elements of the set S, are congruent modulo p. For if 1 + x7 = 1 + x3 (mod p), 
then either x; = x2 (mod p) or x; = —x2 (mod p). But the latter consequence is 
impossible, because 0 < x; + x2 < p (unless x; = x2 = 0), whence x; = x2 (mod p), 
which implies that x; = x2. In the same vein, no two elements of Sj are congruent 
modulo p. 

Together S; and Sz contain 2[1 + $(p — 1)] = p + 1 integers. By the pigeonhole 
principle, some integer in S$; must be congruent modulo p to some integer in $2; that 
is, there exist Xo, yo such that 


1 + x4 = -—ye (mod p) 
where 0 < xo < (p — 1)/2 andO < yo < (p —1)/2. 


Corollary. Given an odd prime p, there exists an integer k < p such that kp is the 
sum of four squares. 


Proof. According to the theorem, we can find integers xo and yo, 
Pp Pp 
0<x< = 0< <= 
S Xo ) = yo ) 
such that 
xe tye +1? +0 = kp 


for a suitable choice of k. The restrictions on the size of xp and yo imply that 


Ponte 
Pantha ta pep 


and so k < p, as asserted in the corollary. 


Example 13.2. We digress for a moment to look at an example. If we take p = 17, 
then the sets S; and S, become 


S; = {1, 2,5, 10, 17, 26, 37, 50, 65} 
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and 
So = {0, —1, —4, —9, —16, —25, —36, —49, —64} 


Modulo 17, the set S; consists of the integers 1, 2, 5, 10, 0, 9, 3, 16, 14, and those in Sz 
are 0, 16, 13, 8, 1, 9, 15, 2, 4. Lemma 2 tells us that some member 1 + x? of the first 
set is congruent to some member —y” of the second set. We have, among the various 
possibilities, 


1+5* = 9 = —5? (mod 17) 
or 1 + 57 + 52 = 0 (mod 17). It follows that 
3-17=174+59°+57 +07 


is a multiple of 17 written as a sum of four squares. 


The last lemma is so essential to our work that it is worth pointing out another 
approach, this one involving the theory of quadratic residues. If p = 1 (mod 4), 
we may choose x to be a solution of x* = —1 (mod p) (this is permissible by the 
corollary to Theorem 9.2) and yo = 0 to get 

xo + yo +1 =0 (mod p) 


Thus, it suffices to concentrate on the case p = 3 (mod 4). We first pick the integer 
a to be the smallest positive quadratic nonresidue of p (keep in mind that a > 2, 
because 1 is a quadratic residue). Then 
(—a/p) = (-1/p)@/p) = (-I(-D = 1 
so that —a is a quadratic residue of p. Hence, the congruence 
x* = —a (mod p) 


admits a solution x9, with 0 < x9 < (p — 1)/2. Now a — 1, being positive and 
smaller than a, must itself be a quadratic residue of p. Thus, there exists an integer 
yo, where 0 < yo < (p — 1)/2, satisfying 


y” =a — 1 (mod p) 
The conclusion is 
xe t+ ye +1 =-a+(a—1)+1=0(mod p) 


With these two lemmas among our tools, we now have the necessary information 
to carry out a proof of the fact that any prime can be realized as the sum of four 
squared integers. 


Theorem 13.6. Any prime p can be written as the sum of four squares. 


Proof. The theorem is certainly true for p = 2, because 2 = 17 + 17 + 0? + 0*. Thus, 
we may hereafter restrict our attention to odd primes. Let k be the smallest positive 
integer such that kp is the sum of four squares; say, 


kp=x?t+yt+z°+w? 
By virtue of the foregoing corollary, k < p. The crux of our argument is that k = 1. 
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We make a start by showing that k is an odd integer. For a proof by contradiction, 
assume that k is even. Then x, y, z, w are all even; or all are odd; or two are even and 
two are odd. In any event, we may rearrange them, so that 


x = y (mod 2) and Z = w (mod 2) 


It follows that 
1 1 1 1 
ha =.y) a + y) 5% —w) 5& +w) 


are all integers and 


1 = e—y\" x+y\? z—-w\? z+w\’ 
tela) oe) a) 


is a representation of (k/2)p as a sum of four squares. This violates the minimal nature 
of k, giving us our contradiction. 

There still remains the problem of showing that k = 1. Assume that k 4 1; then 
k, being an odd integer, is at least 3. It is therefore possible to choose integers a, b, c, 
d such that 


a = x (mod k) b = y (mod k) c = z (mod k) d = w (mod k) 


and 

la : |D| Ic| |d| : 

<s <s Pee <- 

pe EES: 2 
(To obtain the integer a, for instance, find the remainder r when x is divided by k; put 
a=rora=r-—k according asr < k/2orr > k/2.) Then 

V+ 4+e04+@ =x? 4+ y? +22 4+w? = 0(mod k) 
and therefore 
a+b? +c? 4d? =nk 


for some nonnegative integer n. Because of the restrictions on the size of a, b, c,d, 
k 2 
O<nk=a04+b?4+c?4+a <4(5) = k? 


We cannot have n = 0, because this would signify that a = b = c = d = 0 and, in 
consequence, that k divides each of the integers x, y, z, w. Then k? | kp, ork | p, which 
is impossible in light of the inequality 1 < k < p. The relation nk < k* also allows us 
to conclude that n < k. Insummary: 0 < n < k. Combining the various pieces, we get 
k*np = (kp)(kn) = (x2 + y? +27 + w’)(a2 +b? +c? +d’) 
=r+s* +27? +n? 

where 

r=xa+yb+zc+wd 

s=xb—ya+zd—we 

t=xc—yd—za+wb 

u=xd+yc—zb—wa 
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It is important to observe that all four of r,s, t, u are divisible by k. In the case of the 
integer r, for example, we have 
r =xa+yb+zc+wd=a°4+b°4+0°4+a@ = 0 (mod k) 


Similarly, s = t = u = 0 (mod k). This leads to the representation 


r\2 5\2 Ie u\2 
maa) tle) (z) a) 
where r/k, s/k, t/k, u/k are all integers. Because 0 < n < k, we therefore arrive at 


a contradiction to the choice of k as the smallest positive integer for which kp is the 
sum of four squares. With this contradiction, k = 1, and the proof is finally complete. 


This brings us to our ultimate objective, the classical result of Lagrange. 


Theorem 13.7 Lagrange. Any positive integer n can be written as the sum of four 
squares, some of which may be zero. 


Proof. Clearly, the integer 1 is expressible as 1 = 17 + 0? + 0? + 0”, a sum of four 
squares. Assume that n > 1 and letn = p; p2--- p, be the factorization of n into (not 
necessarily distinct) primes. Because each p; is realizable as a sum of four squares, 
Euler’s identity permits us to express the product of any two primes as a sum of four 
squares. This, by induction, extends to any finite number of prime factors, so that 
applying the identity r — 1 times, we obtain the desired representation for n. 


Example 13.3. To write the integer 459 = 3° - 17 as the sum of four squares, we use 
Euler’s identity as follows: 
459 = 3?-3-17 
= 32(12 + 12 + 12 + 0242 + 12 + 07 + 07) 
= 37[(44+1+0+0)7+(0—-4+0-0) 
+ (0-0-—4+4+0)?+0+0-1-0)7] 
= 3°[5? + 3? + 4? + 17] 
= 157 +9? + 12? + 3? 


Lagrange’s theorem motivated the more general problem of representing each 
positive integer as a four-variable expressions of the form 


ax* + by* + cz” + dw? 


where a, b, c, d are given positive integers. In 1916, the famous Indian math- 
ematician Srinivasa Ramanujan presented 53 such “universal quadratics,” four of 
which had been previously known. For instance, the expression x” + 2y* + 3z* + 
8w” yields all positive integers: the integer 39, say, can be produced as 


20’ = 9 4 D2 453 3* Bde 


In 2005, Manjul Bhargava proved that there are only 204 of the desired quadratics. 
Finally, in a completion to the question, Bhargava and Jonathan Hanke found a 
particular set of 29 positive integers that will serve as a check for any quadratic 
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expression. If the quadratic expression can represent each of those 29 integers, it can 
represent all positive integers. 

Although squares have received all our attention so far, many of the ideas in- 
volved generalize to higher powers. 

In his book, Meditationes Algebraicae (1770), Edward Waring stated that each 
positive integer is expressible as a sum of at most 9 cubes, also a sum of at most 19 
fourth powers, and so on. This assertion has been interpreted to mean the following: 
Can each positive integer be written as the sum of no more than a fixed number g(k) 
of kth powers, where g(k) depends only on k, not the integer being represented? In 
other words, for a given k, a number g(k) is sought such that every n > 0 can be 
represented in at least one way as 


where the a; are nonnegative integers, not necessarily distinct. The resulting problem 
was the starting point of a large body of research in number theory on what has 
become known as “Waring’s problem.” There seems little doubt that Waring had 
limited numerical grounds in favor of his assertion and no shadow of a proof. 

As we have reported in Theorem 13.7, g(2) = 4. Except for squares, the first case 
of a Waring-type theorem actually proved is attributed to Liouville (1859): Every 
positive integer is a sum of at most 53 fourth powers. This bound for g(4) is somewhat 
inflated, and through the years it was progressively reduced. The existence of g(k) 
for each value of k was resolved in the affirmative by Hilbert in 1909; unfortunately, 
his proof relies on heavy machinery (including a 25-fold integral at one stage) and 
is in no way constructive. 

Once it is known that Waring’s problem admits a solution, a natural question 
to pose is “How big is g(k)?” There is an extensive literature on this aspect of the 
problem, but the question itself is still open. A sample result, due to Leonard Dickson, 
is that g(3) = 9, whereas 

23=274+2474P4P4P+PeVger 
and 

239= 4 4443743743743? 4P4P42P 
are the only integers that actually require as many as 9 cubes in their representation; 
each integer greater than 239 can be realized as the sum of at most 8 cubes. In 1942, 
Linnik proved that only a finite number of integers need 8 cubes; from some point 
onward 7 will suffice. Whether 6 cubes are also sufficient to obtain all but finitely 
many positive integers is still unsettled. 

The casesk = 4andk = Shave turned out to be the most subtle. For many years, 
the best-known result was that g(4) lay somewhere in the range 19 < g(4) < 35, 
whereas 9(5) satisfied 37 < g(5) < 54. Subsequent work (1964) has shown that 
g(5) = 37. The upper bound on g(4) was decreased dramatically during the 1970s, 
the sharpest estimate being g(4) < 22. It was also proved that every integer less than 
10!*° or greater than 10°°7 can be written as a sum of at most 19 fourth powers; thus, in 
principle, g(4) could be calculated. The relatively recent (1986) announcement that, 
in fact, 19 fourth powers suffice to represent all integers settled this case completely. 
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As far as k > 6 is concerned, it has been established that the formula 
g(k) = [G/2)*] + 2* -2 


holds, except possibly for a finite number of values of k. There is considerable 
evidence to suggest that this expression is correct for all k. 

For k > 3, all sufficiently large integers require fewer than g(k) kth powers in 
their representations. This suggests a general definition: Let G(k) denote the smallest 
integer r with the property that every sufficiently large integer is the sum of at most r 
kth powers. Clearly, G(k) < g(k). Exact values of G(k) are known only in two cases, 
namely, G(2) = 4 and G(4) = 16. Linnik’s result on cubes indicates that G(3) < 7, 
while as far back as 1851 Jacobi conjectured that G(3) < 5. Although more than 
half a century has passed without an improvement in the size of G(3), nevertheless, 
it is felt that G(3) = 4. In recent years, the bounds G(5) < 17 and G(6) < 24 have 
been established. 

Below are listed known values and estimates for the first few g(k) and G(k): 


g(2) =4 G(2) =4 
g(3) =9 4<G(3)<7 
g(4) = 19 G(4) = 16 
g(5) = 37 6 < G(5) < 17 
g(6) = 73 9 < G(6) < 24 
g(7) = 143 8 < G(7) < 33 


g(8) = 279 32 < G(8) < 42 


Another problem that has attracted considerable attention is whether an nth 
power can be written as a sum of n nth powers, with n > 3. Progress was first made 
in 1911 with the discovery of the smallest solution in fourth powers, 


353* = 30* + 120* + 272* + 3154 
In fifth powers, the smallest solution is 
72° = 19° + 43° + 46° + 47° + 67° 


However, for sixth or higher powers no solution is yet known. 

There is a related question; it may be asked, “Can an nth power ever be the sum 
of fewer than n nth powers?” Euler conjectured that this is impossible; however, in 
1968, Lander and Parkin came across the representation 


144° = 27° + 84° + 110° + 133° 


With the subsequent increase in computer power and sophistication, N. Elkies was 
able to show (1987) that for fourth powers there are infinitely many counterexamples 
to Euler’s conjecture. The one with the smallest value is 


A22481* = 958007 + 2175197 + 4145607 
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PROBLEMS 13.3 


1. 


N ui 


10. 


Without actually adding the squares, confirm that the following relations hold: 
(a) 174224 324...4237 4 242 = 707. 

(b) 18? + 19? + 20? + -.. + 27? + 28? = 777. 

(c) 27+57+ 824...4 232 4 262 = 482. 

(d) 62 + 127 +182 +... 4 422 4 482 — 952 — 412. 


. Regiomontanus proposed the problem of finding 20 squares whose sum is a square greater 


than 300,000. Furnish two solutions. 
[Hint: Consider the identity 


(a? +02 + ---4+ a2) = (a? +43 +---+a2_, — a2)’ 


+(2a, an)” + (2a2an)° a eee (24n—14n)*.] 


: lip = qi ae qs + Gs. where Pp, 41, 92, and q3 are all primes, show that some q; = 3. 
. Establish that the equation a? + b? + c? + a+b +c = 1has no solution in the integers. 


[Hint: The equation in question is equivalent to the equation 


(2a + 1)? + (2b 4+ 1)? + 2c +1)? =7.] 


. For a given positive integer n, show that n or 2n is a sum of three squares. 
. An unanswered question is whether there exist infinitely many prime numbers p such 


that p = n*+(n+4+ 1)? + (n + 2)’, for some n > O. Find three of these primes. 


. In our examination of n = 459, no representation as a sum of two squares was found. 


Express 459 as a sum of three squares. 


. Verify each of the statements below: 


(a) Every positive odd integer is of the form a* + b* + 2c”, where a, b, c are integers. 
[Hint: Given n > 0, 4n + 2 can be written as 4n + 2 = x2 + y? + 27, with x and y 
odd and z even. Then 


xy yy Za 
an +1 = ( > ) +( ; ) +2(=) J 
(b) Every positive integer is either of the form a* + b* + c? or a? + b? + 2c”, where a, 
b, c are integers. 
[Hint: If n > 0 cannot be written as a sum a” + b? + c’, then it is of the form 
4” (8k + 7). Apply part (a) to the odd integer 8k + 7.] 
(c) Every positive integer is of the form a? + b? — c*, where a, b, c are integers. 


[Hint: Given n > 0, choose a such that n — a? is a positive odd integer and use 
Theorem 13.4.] 


. Establish the following: 


(a) No integer of the form 9k + 4 or 9k + 5 can be the sum of three or fewer cubes. 
[Hint: Notice that a? = 0, 1, or 8 (mod 9) for any integer a.] 

(b) The only prime p that is representable as the sum of two positive cubes is p = 2. 
[Hint: Use the identity 


a+b? =(a+b\(a — by +ab).] 


(c) A prime p can be represented as the difference of two cubes if and only if it is of the 
form p = 3k(k + 1) + 1, for some k. 
Express each of the primes 7, 19, 37, 61, and 127 as the difference of two cubes. 


11. 


12. 


13. 


14. 


15. 


16. 


17. 


18. 
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Prove that every positive integer can be represented as a sum of three or fewer triangular 
numbers. 
[Hint: Given n > O, express 8n + 3 as a sum of three odd squares and then solve for n.] 
Show that there are infinitely many primes p of the form p = a” + b? + c? + 1, where 
a, b,c are integers. 
[Hint: By Theorem 9.8, there are infinitely many primes of the form p = 8k + 7. Write 
p—1=8k+6=a’?+4+b* +c? for some a, b, c.] 
Express the integers 231 = 3- 7-11, 391 = 17- 23, and 2109 = 37 - 57 as sums of four 
squares. 
(a) Prove that every integer n > 170 is a sum of five squares, none of which are equal 
to zero. 
[Hint: Write n — 169 = a* + b? +c? +d? for some integers a, b, c, d and consider 
the cases in which one or more of a, b, c is zero.] 
(b) Prove that any positive multiple of 8 is a sum of eight odd squares. 
[Hint: Assuming n = a* + b* + c* + d?, then 8n + 8 is the sum of the squares of 
2a+1,2b+1, 2c + 1, and 2d + 1.] 
From the fact that n? = n (mod 6) conclude that every integer n can be represented as 
the sum of the cubes of five integers, allowing negative cubes. 
[Hint: Utilize the identity 


we —6k =n —(kK+1P-—K-1IP+R4KR ] 


Prove that every odd integer is the sum of four squares, two of which are consecutive. 
[Hint: For n > 0, 4n + 1 is a sum of three squares, only one being odd; notice that 
An + 1 = (2a)* + (2b)* + (2c + 1)” gives 


n+1=(a@tbP+a—bY +c? +(c+1)¥.] 
Prove that there are infinitely many triangular numbers that are simultaneously express- 
ible as the sum of two cubes and the difference of two cubes. Exhibit the representations 


for one such triangular number. 
[Hint: In the identity 


(27k®)? — 1 = (9k* — 3k)? + (9k? — 1) 
= (9k4 + 3k)? — (9k? + 1) 
take k to be an odd integer to get 
(2n + 1)? — 1 = (2a)? + (2b)? = (2c)? — (24)? 


or equivalently, t, = a> + b? = c? — d>.] 

(a) Ifn — 1 andn + 1 are both primes, establish that the integer 2n” + 2 can be repre- 
sented as the sum of 2, 3, 4, and 5 squares. 

(b) Illustrate the result of part (a) in the cases in which n = 4, 6, and 12. 
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CHAPTER 
FIBONACCI NUMBERS 


... what is physical is subject to the laws of mathematics, and what is 
spiritual to the laws of God, and the laws of mathematics are but the 
expression of the thoughts of God. 

THOMAS HILL 


14.1 FIBONACCI 


Perhaps the greatest mathematician of the Middle Ages was Leonardo of Pisa (1180- 
1250), who wrote under the name of Fibonacci—a contraction of “‘filius Bonacci,” 
that is, Bonacci’s son. Fibonacci was born in Pisa and educated in North Africa, 
where his father was in charge of a customhouse. In the expectation of entering 
the mercantile business, the youth traveled about the Mediterranean visiting Spain, 
Egypt, Syria, and Greece. The famous Liber Abaci, composed upon his return to Italy, 
introduced the Latin West to Islamic arithmetic and algebraic mathematical practices. 
A briefer work of Fibonacci’s, the Liber Quadratorum (1225), is devoted entirely 
to Diophantine problems of second degree. It is regarded as the most important 
contribution to Latin Middle-Ages number theory before the works of Bachet and 
Fermat. Like those before him, Fibonacci allows (positive) real numbers as solutions. 
One problem, for instance, calls for finding a square that remains square when 
increased or decreased by 5; that is, obtain a simultaneous solution to the pair of 
equations r4+5= ye x* —5 =z’, where x, y, z are unknowns. Fibonacci gave 
41/12 as an answer, for 


(41/12)? + 5 = (49/12), (41/12)* — 5 = (31/12)* 
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Leonardo of Pisa (Fibonacci) 
(1180-1250) 


(David Eugene Smith Collection, Rare Book and 
Manuscript Library, Columbia University) 


Also noteworthy is the remarkably accurate estimate in 1224 of the only real root 
of the cubic equation x? +2x* + 10x = 20. His value, in decimal notation, of 
1.3688081075 ..., is correct to nine decimal places. 

Christian Europe became acquainted with the Hindu-Arabic numerals through 
the Liber Abaci, which was written in 1202 but survives only in a revised 1228 
edition. (The word “Abaci” in the title does not refer to the abacus, but rather means 
counting in general.) Fibonacci sought to explain the advantages of the Eastern 
decimal system, with its positional notation and zero symbol, “in order that the 
Latin race might no longer be deficient in that knowledge.” The first chapter of his 
book opens with the following sentence: 


These are the nine figures of the Indians: 
9% Od Ge 243 2 ol 


With these nine figures, and with this sign 0... any number may 
be written, as will be demonstrated. 


General acceptance of the new numerals had to wait for another two centuries. 
In 1299, the city of Florence issued an ordinance forbidding merchants from us- 
ing the Arabic symbols in bookkeeping, ordering them either to employ Roman 
numerals or to write out numerical words in full. The decree was probably due to 
the great variation in the shapes of certain digits—some quite different from those 
used today—and the consequent opportunity for ambiguity, misunderstanding, and 
outright fraud. While the zero symbol, for instance, might be changed to a 6 or a9, 
it is not so easy to falsify Roman numerals. 

It is ironic that, despite his many achievements. Fibonacci is remembered today 
mainly because the 19th century number theorist Edouard Lucas attached his name 
to a certain infinite set of positive integers that arose in a trivial problem in the Liber 
Abaci. This celebrated sequence of integers 


Lyd, 2, 35 .9;.8,.13,21, 34, 55; 89, 


occurs in nature in a variety of unexpected ways. For instance, lilies have 3 petals, 
buttercups 5, marigolds 13, asters 21, while most daisies have 34, 55, or 89 petals. 
The seeds of a sunflower head radiate from its center in two families of interlaced 
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spirals, one winding clockwise and the other counterclockwise. There are usually 
34 spirals twisting clockwise and 55 in the opposite direction, although some large 
heads have been found with 55 and 89 spirals present. The number of whorls of scale 
of a pineapple or a fir cone also provides excellent examples of numbers appearing 
in Fibonacci’s sequence. 


14.2 THE FIBONACCI SEQUENCE 


In the Liber Abaci, Fibonacci posed the following problem dealing with the number 
of offspring generated by a pair of rabbits conjured up in the imagination: 


A man put one pair of rabbits in a certain place entirely surrounded by a wall. How 
many pairs of rabbits can be produced from that pair in a year, if the nature of these 
rabbits is such that every month each pair bears a new pair which from the second 
month on becomes productive? 


Assuming that none of the rabbits dies, then a pair is born during the first month, 
so that there are two pairs present. During the second month, the original pair has 
produced another pair. One month later, both the original pair and the firstborn pair 
have produced new pairs, so that three adult and two young pairs are present, and 
so on. (The figures are tabulated in the chart below.) The point to bear in mind is 
that each month the young pairs grow up and become adult pairs, making the new 
“adult” entry the previous one plus the previous “young” entry. Each of the pairs 
that was adult last month produces one young pair, so that the new “young” entry is 
equal to the previous “adult” entry. 
When continued indefinitely, the sequence encountered in the rabbit problem 


1, 1, 2,3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, ... 


is called the Fibonacci sequence and its terms the Fibonacci numbers. The position 
of each number in this sequence is traditionally indicated by a subscript, so that 
u; = 1, uz = 1, u3 = 2, and so forth, with u, denoting the nth Fibonacci number. 


Growth of rabbit colony 


Months Adult pairs Young pairs Total 


1 1 1 2 
2 2 1 3 
3 3 2 5 
4 5 3 8 
5 8 5 13 
6 13 8 21 
7 21 13 34 
8 34 21 55 
9 55 34 89 
10 89 55 144 
11 144 89 233 


Nw 
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The Fibonacci sequence exhibits an intriguing property, namely, 


pe ee ee or U3 = U2 + Uy 
5 ke ae or U4 = U3 + U2 
.SSa+2 or Us =U4+ U3 
8=5+3 or Ug = Us + U4 


By this time, the general rule of formulation should be discernible: 
uy =u.=1 Uy = Up + Uy? forn > 3 


That is, each term in the sequence (after the second) is the sum of the two that 
immediately precede it. Such sequences, in which from a certain point on every 
term can be represented as a linear combination of preceding terms, are said to be 
recursive sequences. The Fibonacci sequence is the first known recursive sequence 
in mathematical work. Fibonacci himself was probably aware of the recursive nature 
of his sequence, but it was not until 1634—by which time mathematical notation had 
made sufficient progress—that the formula appeared in a posthumously published 
paper by Albert Girard. 

The Fibonacci numbers grow rapidly. A result indicating this behavior is that 
Usn42 > 10” forn > 1, so that 


u7 > 10, uj2 > 100, uj7 > 1000, u22 > 10000... 


The inequality can be established using induction on n, the case n = 1 being obvious 
because u7 = 13 > 10. Now assume that the inequality holds for an arbitrary integer 
n; we wish to show that it also holds for n + 1. The recursion rule uz = uz—1 + Uz_2 
can be used several times to express U5(n4.1)+2 = U5n+7 in terms of previous Fibonacci 
numbers to arrive at 


Usn47 = 8Usn42 + SUSn41 
> 8uU5n42 + 2Usn41 + USn) 
= 10u5,42 > 10-10" = 10"! 
completing the induction step and the argument. 
It may not have escaped attention that in the portion of the Fibonacci sequence 


that we have written down, successive terms are relatively prime. This is no accident, 
as is now proved. 


Theorem 14.1. For the Fibonacci sequence, gcd(un, un+1) = 1 for every n > 1. 


Proof. Let us suppose that the integer d > 1 divides both u, and u,,,. Then their 
difference uni) — Un = Un_, 1S also divisible by d. From this and from the relation 
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Un — Un—1 = Upn—2, It may be concluded that d | u,_2. Working backward, the same 
argument shows that d | u,_3, d | uyj_4,..., and finally that d|u,. But vu; = 1, which 
is certainly not divisible by any d > 1. This contradiction ends our proof. 


Because u3 = 2,u5 = 5,u7 = 13, andu,, = 89 are all prime numbers, we might 
be tempted to guess that u,, is prime whenever the subscript n > 2 is a prime. This 
conjecture fails at an early stage, for a little figuring indicates that 


ujg = 4181 = 37- 113 


Not only is there no known device for predicting which u,, are prime, but it is not 
even certain whether the number of prime Fibonacci numbers is infinite. Nonetheless, 
there is a useful positive result whose cumbersome proof is omitted: for any prime 
p, there are infinitely many Fibonacci numbers that are divisible by p and these are 
all equally spaced in the Fibonacci sequence. To illustrate, 3 divides every fourth 
term of the Fibonacci sequence, 5 divides every fifth term, and 7 divides every eighth 
term. 

With the exception of 1, U2, Us, and “12, each Fibonacci number has a “new” 
prime factor, that is, a prime factor that does not occur in any Fibonacci number 
with a smaller subscript. For example, 29 divides u4 = 377 = 13 - 29, but divides 
no earlier Fibonacci number. 

As we know, the greatest common divisor of two positive integers can be found 
from the Euclidean Algorithm after finitely many divisions. By suitably choosing 
the integers, the number of divisions required can be made arbitrarily large. The 
precise statement is this: Given n > 0, there exist positive integers a and b such 
that to calculate gcd(a, b) by means of the Euclidean Algorithm exactly n divisions 
are needed. To verify the contention, it is enough to let a = uyj+42 and b = uy4}. 
The Euclidean Algorithm for obtaining gcd(uyj+2, Un+1) leads to the system of 
equations 


Uni2 = 1. Un+1 + Un 
Una) = 1 in + Uni 


U4 =1-u3+uU2 
u3=2-u2+0 


Evidently, the number of divisions necessary here is n. The reader will no doubt 


recall that the last nonzero remainder appearing in the algorithm furnishes the value 
of gcd(un+2, Uni). Hence, 


gcd(un+2, Unt1) = U2 = 1 


which confirms anew that successive Fibonacci numbers are relatively prime. 
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Suppose, for instance, that n = 6. The following calculations show that we need 
6 divisions to find the greatest common divisor of the integers ug = 21 and u7 = 13: 


=e 8 
B=ise a5 
g S155 43 
ete) 
1 2 
9 ST 420 


Gabriel Lamé observed in 1844 that if n division steps are required in the Euclidean 
Algorithm to compute gcd(a,b), where a>b>0, then a > Uyj42,b > Uni}. 
Consequently, it was common at one time to call the sequence u,, the Lamé sequence. 
Lucas discovered that Fibonacci had been aware of these numbers six centuries ear- 
lier; and, in an article published in the inaugural volume (1878) of the American 
Journal of Mathematics, he named it the Fibonacci sequence. 

One of the striking features of the Fibonacci sequence is that the greatest common 
divisor of two Fibonacci numbers is itself a Fibonacci number. The identity 


Um+n = Um—1Un + UmUn+1 (1) 


is central to bringing out this fact. For fixed m > 2, this identity is established by 
induction on n. When n = 1, Eq. (1) takes the form 


Um+1 = Um—1U, + UmU2 = Um—1 + Um 
which is obviously true. Let us therefore assume that the formula in question holds 
when n is one of the integers 1, 2, ..., k and try to verify it when n = k + 1. By the 


induction assumption, 


Um+k = Um—1UK + UmUR+1 


Um+(k—-1) = Um—1Uk-1 + UmUk 
Addition of these two equations gives us 
Um+k - Um+(k-1) = Um—1(Uk - Uz—1) - Um (UK41 = Ux) 


By the way in which the Fibonacci numbers are defined, this expression is the same 
as 


Um+(k+1) = Um-1Uk41 + UmUK+2 


which is precisely Eq. (1) with n replaced by k + 1. The induction step is thus 
complete and Eq. (1) holds for all m > 2 andn > 1. 
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One example of Eq. (1) should suffice: 


Ug = U643 = U5U3 +Uglu4 = 5-24+8-3 = 34 


The next theorem, aside from its importance to the ultimate result we seek, has an 
interest all its own. 


Theorem 14.2. For m > 1, > 1, Um, is divisible by uy. 


Proof. We again argue by induction on n, the result being certainly true whenn = 1. For 
our induction hypothesis, let us assume that u,,,, 1s divisible by u,, forn = 1,2,...,k. 
The transition to the case Um(x41) = Umk+m 1S realized using Eq. (1); indeed, 


Um(k+1) = Umk—-1Um + UmkUm+1 


Because u,, divides u,,, by supposition, the right-hand side of this expression (and, 
hence, the left-hand side) must be divisible by u,,. Accordingly, Um | Ume&+1), Which 
was to be proved. 


Preparatory to evaluating gcd(u,,, u,), we dispose of a technical lemma. 
Lemma. If m = qn +r, then gcd(um, un) = gcd(u;, Un). 


Proof. To begin with, Eq. (1) allows us to write 
gcd(um, Un) = gcd(ugntr, Un) 
= gcd(ugn—1Ur + UgnUr+i, Un) 


An appeal to Theorem 14.2 and the fact that gcd(a + c, b) = gcd(a, b), whenever b | c, 
gives 


gcd(Ugn—1Uy + UgnUy+1, Un) = gcd(Ugn—1Uy, Un) 


Our claim is that gcd(ugn—1, Un) = 1. To see this, set d = gcd(Ugn—1, Un). The 
relations d|u, and up |Ugn imply that d|ug,, and therefore d is a (positive) com- 
mon divisor of the successive Fibonacci numbers ugn—1 and ugn. Because successive 
Fibonacci numbers are relatively prime, the effect of this is that d = 1. 

To finish the proof, the reader is left the task of showing that when gcd(a, c) = 1, 
then gcd(a, bc) = gcd(a, b). Knowing this, we can immediately pass on to 


gcd(um, Un) = gcd(ugn—1Ur, Un) = gcd(u,, Un) 


the desired equality. 


This lemma leaves us in the happy position in which all that is required is to put 


the pieces together. 


Theorem 14.3. The greatest common divisor of two Fibonacci numbers is again a 
Fibonacci number; specifically, 


gcd(up,, Un) = Ug where d = gcd(m,n) 
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Proof. Assume that m > n. Applying the Euclidean Algorithm to m and n, we get the 
following system of equations: 


m=qnt+r, O<r,j <n 

n= qor, +12 0<nm <r 

ry) = Q3l2 +173 0<7r3<r2 
Vn—-2 = Qn¥n-1 +1 n 0 < Fr < Tn-1 


Tn-1 = Qntiln + 0 
In accordance with the previous lemma, 
gcd(um, Un) = gcd(u,, ’ Un) = gcd(u,, ’ Ur, ) eee hl gcd(u,,_, ’ Uy, ) 


Because r;, | r;-1, Theorem 14.2 tells us that u,, | u,,_,, whence gcd(u,,_,,u;,) = ur,- 
But r,,, being the last nonzero remainder in the Euclidean Algorithm for m and n, is 
equal to gcd(m, n). Tying up the loose ends, we get 

gcd(um, Un) = Ugcd(m,n) 


and in this way the theorem is established. 


It is interesting to note that the converse of Theorem 14.2 can be obtained from 
the theorem just proved; in other words, if u,, is divisible by u,,, then we can conclude 
that n is divisible by m. Indeed, if u,, | u,, then gcd(up,, Un) = Um. But according to 
Theorem 14.3, the value of gcd(um, U,) must be equal to Ugca(m,n). The implication 
of all this is that gcd(m, n) = m, from which it follows that m |n. We summarize 
these remarks in the following corollary. 


Corollary. In the Fibonacci sequence, u, | uv, if and only if m|n forn > m > 3. 


A good illustration of Theorem 14.3 is provided by calculating gcd(u16, u12) = 
gcd(987, 144). From the Euclidean Algorithm, 
987 = 6- 1444 123 
144=1-123+21 
123 = 5-21+4 18 
21=1-18+3 
18 =6-3+0 


and therefore gcd(987, 144) = 3. The net result is that 


gcd(uj6, U2) = 3 = U4 = Ugedc16, 12) 


as asserted by Theorem 14.3. 

When the subscriptn > 4is composite, then u, will be composite. Forifn = rs, 
where rr > s > 2, the last corollary implies that u,|u, and u;|u,,. To illustrate: u4|u29 
and u5|u29 or, phrased differently, both 3 and 5 divide 6765. Thus, primes can occur 
in the Fibonacci sequence only for prime subscripts—the exceptions being uz = 1 
and u4 = 3. But when p is prime, u, may very well be composite, as we saw with 
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uj9 = 37 - 113. Prime Fibonacci numbers are somewhat sparse; only 42 of them are 
presently known, the largest being the 126377-digit 1604711. 

Let us present one more proof of the infinitude of primes, this one involv- 
ing Fibonacci numbers. Suppose that there are only finitely many primes, say r 
primes 2, 3,5,..., p;, arranged in ascending order. Next, consider the correspond- 
ing Fibonacci numbers uz, U3, U5, ...,Up,. According to Theorem 14.3, these are 
relatively prime in pairs. Exclude uz = 1. Each of the remaining r — 1 numbers is 
divisible by a single prime with the possible exception that one of them has two 
prime factors (there being only r primes in all). A contradiction occurs because 
u37 = 73 - 149 - 2221 has three prime factors. 


PROBLEMS 14.2 


1. Given any prime p # 5, it is known that either up; or u,+1 is divisible by p. Confirm 
this in the cases of the primes 7, 11, 13, and 17. 

2. Forn = 1,2,..., 10, show that 5u2 + 4(—1)” is always a perfect square. 

3 


. Prove that if 2|u,, then 4|(w?,, — u2_,); and similarly, if 3 |u,, then 9 |(u?,, — u}_,). 
4. For the Fibonacci sequence, establish the following: 
(a) Un+3 = uy, (mod 2), hence u3, U6, Uo, ... are all even integers. 


(b) Un4s = 3u, (mod 5), hence us, u40, 415, ... are all divisible by 5. 
5. Show that the sum of the squares of the first n Fibonacci numbers is given by the formula 


a eee 2 
Uy + Uy + U3 +++ +, = Unllyy1 


[Hint: For n > 2, u2 = unn41 —UnUn—1-] 
6. Utilize the identity in Problem 5 to prove that for n > 3 


Ung =U + Bug) + 2(up_» +up_s +--+ +5 +u7) 


. Evaluate gcd(uo, 12), gcd(u45, U20), and gcd(u24, 36). 
. Find the Fibonacci numbers that divide both u24 and 36. 
. Use the fact that u,, | u, if and only if m |n to verify each of the assertions below: 
(a) 2|u, if and only if 3 |n. 
(b) 3|u, if and only if 4 |n. 
(c) 5|u, if and only if 5 |n. 
(d) 8|u, if and only if 6 |n. 
10. If gcd(m, n) = 1, prove that u,,u,, divides u,,, for all m,n > 1. 
11. Itcan be shown that when u,, is divided by u,,(n > m), then the remainder is a Fibonacci 
number or u», — r is a Fibonacci number. Give examples illustrating both cases. 
12. It was proved in 1989 that there are only five Fibonacci numbers that are also triangular 
numbers. Find them. 
13. Forn > 1, prove that 2”~'u, =n (mod 5). 
[Hint: Use induction and the fact that 2”u,41 = p1 @ligggs ae A(2"-7un_1).] 
14. If un, <a < Uni, < b < Uny2 for some n > 4, establish that the sum a + b cannot be 
a Fibonacci number. 
15. Prove that there is no positive integer n for which 


Uy + U2 +43 +-++:+ U3, = 16! 


eoanr 


[Hint: By Wilson’s theorem, the equation is equivalent to u3,42 = 0 (mod 17). Because 
17 | U9, 17 | u, if and only if 9 | m.] 

16. If 3 divides n + m, show that uj—m—1Un + Un—mUn41 1S an even integer. 

17. Forn > 1, verify that there exist n consecutive composite Fibonacci numbers. 
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18. Prove that 9 | u,424 if and only if 9| uy. 

[Hint: Use Eq. (1) to establish that u,424 = u, (mod 9).] 
19. Use induction to show that uz, = n(—1)"*! (mod 5) forn > 1. 
20. Derive the identity 


Unt3 = 3Un41 — Un-1 n>2 
[Hint: Apply Eq. (1).] 


14.3 CERTAIN IDENTITIES INVOLVING FIBONACCI NUMBERS 


We move on and develop several of the basic identities involving Fibonacci numbers; 
these should be useful in doing the problems at the end of the section. One of the 
simplest asserts that the sum of the first n Fibonacci numbers is equal to u,+2 — 1. 
For instance, when the first eight Fibonacci numbers are added together, we obtain 


14+1424+345484134+21 =54=55-1=u4 9-1 
That this is typical of the general situation follows by adding the relations 
uy = U3 — U2 
U2 = U4 — U3 
U3 = Us — U4 


Un—-1 = Un+1 — Un 
Un = Un42 — Unt 
On doing so, the left-hand side yields the sum of the first n Fibonacci numbers, 


whereas on the right-hand side the terms cancel in pairs leaving only uy+2 — uz. But 
uz = 1. The consequence is that 


Uy +uUg+u3+--- tun = Uny2 — 1 (2) 
Another Fibonacci property worth recording is the identity 
Ur = Un41Un—1 +(-1)"! (3) 


This may be illustrated by taking, say, n = 6 and n = 7; then 

uz = 8? = 13-5-1=uqus—1 

u> = 137 =21-8+1=ugug +1 
The plan for establishing Eq. (3) is to start with the equation 

Ux — Uny1Un—1 = Un(Un—1 + Un—2) — Un4iUn-1 
= (Un — Unt1)Un—1 + UnUn—2 
From the rule of formation of the Fibonacci sequence, we have uyj41 = Un + Un—1; 
and so the expression in parentheses may be replaced by the term —u,,_; to produce 
ue — Un41Un—1 = (—1)(ue_) — UnUin—2) 


The important point is that except for the initial sign the right-hand side of this 
equation is the same as the left-hand side, but with all the subscripts decreased by 1. 
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By repeating the argument eae — UyjUy—2 can be shown to be equal to the expression 
(-1(u2_, — Un—1Un_3), Whence 
ue — Un41Un-1 = (— 1)’ (uz_» = Un—1Un—3) 
Continue in this pattern. After n — 2 such steps, we arrive at 
U — Un41Un—1 = (—1)"*(u5 — u3u1) 
=(-1)" 70? -2-)=(-1)") 

which we sought to prove. 

For n = 2k, Eq. (3) becomes 

U5, = UK 41U2%-1 — 1 (4) 


While we are on the subject, we might observe that this last identity is the basis of 
a well-known geometric deception whereby a square 8 units by 8 can be broken up 
into pieces that seemingly fit together to form a rectangle 5 by 13. To accomplish 
this, divide the square into four parts as shown below on the left and rearrange them 
as indicated on the right. 


8 


13 d 


The area of the square is 8* = 64, whereas that of the rectangle that seems to 
have the same constituent parts is 5 - 13 = 65, and so the area has apparently been 
increased by 1 square unit. The puzzle is easy to explain: the points a, b, c, d do not 
all lie on the diagonal of the rectangle, but instead are the vertices of a parallelogram 
whose area, of course, is exactly equal to the extra unit of area. 

The foregoing construction can be carried out with any square whose sides are 
equal to a Fibonacci number u2;,. When partitioned in the manner indicated 


Ud‘ 


U2~-2 


U2k-1 


U2k-] 


294 ELEMENTARY NUMBER THEORY 


the pieces may be reformed to produce a rectangle having a slot in the shape of a 
slim parallelogram (our figure is greatly exaggerated): 


Ur, U2 -1 


—T 
Pea 


Ude+1 


U2kK-] 


The identity w2,_,U2%41 —1= Us, may be interpreted as asserting that the area of 
the rectangle minus the area of the parallelogram is precisely equal to the area of the 
original square. It can be shown that the height of the parallelogram—that is, the 
width of the slot at its widest point—is 


1 


2 2 
y 42% TU o4R2 


When wu; has a reasonably large value (say, u2, = 144, so that w2,_2 = 55), the slot 
is so narrow that it is almost imperceptible to the eye. 


The First 50 Fibonacci Numbers 


uy 1 u2%6 121393 
u2 1 u27 196418 
U3 2 28 317811 
U4 3 u29 514229 
us 5 30 832040 
U6 8 U3] 1346269 
uz 13 u32 2178309 
Ug 21 33 3524578 
Ug 34 u34 5702887 
10 55 35 9227465 
uy 89 U36 14930352 
u42 144 u37 24157817 
u43 233 38 39088169 
uy44 377 U39 63245986 
u45 610 a) 102334155 
U46 987 ual 165580141 
uy47 1597 ua 267914296 
48 2584 Ua3 433494437 
49 4181 uag 701408733 
u20 6765 Uas5 1134903170 
u21 10946 U46 1836311903 
u22 17711 u47 2971215073 
u23 28657 uag 4807526976 
u24 46368 Ke) 7778742049 


u25 75025 uso 12586269025 


FIBONACCI NUMBERS 295 


There are only three Fibonacci numbers that are squares (u; = u2 = 1, uy2 = 127) 
and only three that are cubes (u; = u2 = 1, U6 = 23). Five of them are triangular 
numbers, namely, uw; = u2 = 1, u4 = 3, ug = 21, and uy9g = 55. Also, no Fibonacci 
number is perfect. 

The next result to be proved is that every positive integer can be written as a 
sum of distinct Fibonacci numbers. For instance, looking at the first few positive 
integers: 


l= 5 =uU5 =U4tu3 

2= 05 6=uUustuy=—uUgtuzt+uy 
a= T=ust+u3=u4gtu3t+un.t+uy 
4=u4+uy 8 = Ug =U5+u4 


It will be enough to show by induction onn > 2 that each of the integers 1, 2,3,..., 
Un — 1isasum of numbers from the set {u1, U2, ..., Un—2}, none repeated. Assuming 
that this holds for n = k, choose N with u, — 1 < N < uxz41. Because N — uz_} < 
Uxk+1 — Ux—1 = Ux, We infer that the integer N — u,_, is representable as a sum of 


distinct numbers from {uv 1, U2, ..., Uz%—2}. Then N and, in consequence, each of the 
integers 1, 2,3,...,ux41 — 1 can be expressed as a sum (without repetitions) of 
numbers from the set {u1, U2, ..., Ux—2, Ux_1}. This completes the induction step. 


Because two consecutive members of the Fibonacci sequence may be combined 
to give the next member, it is superfluous to have consecutive Fibonacci numbers 
in our representation of an integer. Thus, u,; + uz_ is replaced by uxz+4; whenever 
possible. If the possibility of using uw, is ignored (because 2 also has the value 1), 
then the smallest Fibonacci number appearing in the representation is either u2 or 
u3. We arrive at what is known as the Zeckendorf representation. 


Theorem 14.4. Any positive integer N can be expressed as a sum of distinct Fibonacci 
numbers, no two of which are consecutive; that is, 
N = ug, +Ug, +++ + UK, 
where kj > 2 andkj4; >kj +2 for j =1,2,...,r—1. 
When representing the integer V, whereu, < N < u,;+1,aS asum of nonconsec- 
utive Fibonacci numbers, the number u, must appear explicitly. If the representation 
did not contain u,, then even if all the admissible Fibonacci numbers were used their 


sum would not add up to NV. For when r is even, say r = 2s, we have the easily 
established identity 


U3 + Us +u7+:+++ Us] = U2, -1Ll =u, —1 
whereas if r is odd, say r = 2s + 1, then 
U2 +u4g tug +--+ +25 = U2s-1 —-l=u,—-1 


In either case, the resulting sum is less than N. Any other Zeckendorf represen- 
tation would not have a sum large enough to reach u, — 1. 
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To take a simple example, pick N = 50. Here, ug < 50 < uo and the 
Zeckendorf representation is 


50 = u4 + u7 + U9 


In 1843, the French mathematician Jacques-Philippe-Marie Binet (1786-1856) 
discovered a formula for expressing u,, in terms of the integer n; namely, 


| tes) _ [taws\" 
o whS 2 2 
This formula can be obtained by considering the two roots 
1 5) 1-5 
a= fe and p= we 


— x —1=0.As roots of this equation, they must satisfy 


e=at+l and p> =B+1 


of the quadratic equation x” 


When the first of these relations is multiplied by aw”, and the second by ", the result 
iS 


qt t2 == qgttl sf a” and pre = po a B" 
Subtracting the second equation from the first, and dividing by a — £, leads to 
gntt2 = pre 2. q?tl i pee - a” — Be 
Capo ap a—Bp 
If we put H, = (a” — B")/(a — B), the previous equation can be restated more 
concisely as 


An+2 = An+1 + An n>1 
Now notice a few things about a and B: 
a+Bp=1 a—-p=VJ5 ap =—-1 


Hence, 


= re B ara B + B 
What all this means is that the sequence H,, H2, H3, --- is precisely the Fibonacci 
sequence, which gives 
S a” — Be 


Ga = n>1 


a-—Bp = 
With the help of this rather awkward-looking expression for u, known as the 
Binet formula, it is possible to derive conveniently many results connected with the 
Fibonacci numbers. Let us, for example, show that 


2 2 
Un+2 — Un = U2n+2 
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As we Start, recall that ~8 = —1 which has the immediate consequence that 
(aB)* = 1 fork > 1. Then 


; . gtt2 _ gnt2 2 a” — Bn 2 
wha =( a—p tae) 


y2int+2) _ ee prnt2) a2" —2 ae pn 


(a — BY (a BP 
y2nt2) ae prn+2) = q2n ~ pn 
= (a — BY? 


Now the expression in the numerator may be rewritten as 
2™n+2 22 2 92 2n+2 2 2\7y2n+2 2n+2 
of) — (“yor — (ry? B" + BAD = (ox* — B* yor?" *? — Bo" **) 


On doing so, we get 


2 rs (a? Pal B?)(a2" +2 = po?) 
n+2 n (a — By 
2n+2 _— Q2n+2 
= (a +8) (—-} 
a—Bp 


= 1- Uond2 = Un42 


For a second illustration of the usefulness of the Binet formula, let us once again 
derive the relation u2;,41;U2,-1 — 1 = Wa First, we calculate 


2n+1 _ Q2n+l 2n—1 _ p2n-1 
U2n41U2n—-1 — 1 = (=) (“= } —] 
J5 J5 


= sa ue p™ a (ap)?! a (ap)! p? pe 5) 


= (a ibe a MOB ya) 


Because a? + BP = 3, this last expression becomes 
1 4n 4n 1 4n 4n 2n 
5 es Se 5 + B™ — 2(a@B)"") 


(i 2 5 
- (=) 4. 


leading to the required identity. 
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The Binet formula can also be used to obtain the value of Fibonacci numbers. 
The inequality 0 < |B| < 1 implies that |6”| = |B|" < 1 forn > 1. Hence 
n a” — p” a” 
, oe 
Peles) 1 i 
eG yas 
which indicates that u, is the nearest integer to * wet For instance, on & 377. ae 


tells us that the Fibonacci number uj4 = 377. Similarly, u;5 = 610 because “= © 
609.9996. Our result can be viewed as asserting that u, is the largest integer not 
exceeding a. + 5, or expressed in terms of the greatest integer function, 


a 


J5 


Un — 


We conclude this section with two theorems concerning prime factors of 
Fibonacci numbers. The first shows that every prime divides some Fibonacci number. 
Because 2 | u3, 3 | ug, and 5 | us, it suffices to consider those primes p > 5. 


Theorem 14.5. For a prime p > 5, either p|u,_1 or p | ¥p+1, but not both. 


Proof. By Binet’s formula, u, = (a? — B?)/ /5. When the pth powers of w and B 
are expanded by the binomial theorem, we obtain 


1 stal-()4e()o-()eooe Gree 
“sal (0) Q)sso- (orn 
“sl()+ Qe Qe Gm 


Recall that (?) = 0 (mod p) for 1 < k < p — 1, andalso2?~! = 1 (mod p). These 
facts allow us to write the expression for u, more simply as 


up = 2? up = (?) 5(P-D/2 — 5(7-D/2 (mod p) 


Theorem 9.2 then yields u, = (5/p) = +1 (mod p), so that u’, = 1 (mod p). The 
final touch is to treat the familiar identity ur, = Up—1Up41 + (—1)?~! as a congruence 
modulo p, thereby reducing it to up_1up4; =0 (mod p). This, however, is just the 
statement that one of up_; and u,+; 1s divisible by p. Because gcd(p — 1, p + 1) = 2, 
Theorem 14.3 tells us that 


gcd(up-1,Upyi) =u2 = 1 


and the pieces of the theorem are established. 


We should point out that p — 1 or p + 1 is not necessarily the smallest subscript 
of a Fibonacci number divisible by p. For instance, 13 | u14, but also 13 | u7. 
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Having considered a divisibility feature of u,_; or up+41, we next turn to up, 
where p is a prime. Of course, u, could itself be prime as with us = 5 and u7 = 13. 
There are several results dealing with the composite nature of certain u,. We conclude 
the section with one of these. 


Theorem 14.6. Let p > 7 be a prime for which p = 2 (mod 5), or p = 4 (mod 5). If 
2p — 1 is also prime, then 2p — 1|u,. 


Proof. Suppose that p has the form 5k + 2 for some k. The starting point is to square 
the formula u, = (a? — B”)/4/5, then expand a? and B?? by the binomial theorem 


to get 
1 2p 2p 2p 
DS rem e e yt ee, p 
sus = [1+ (7?)5+ (7) + + (0? )se | +2 


Observe that (*?) = 0 (mod 2p — 1) for 2 < k < 2p —1 while, because 2p — 1 is 
prime, 2??-! = 2 (mod 2p — 1). This enables us to reduce the expression for ur, to 


2(5u,)” = (1+ 5”) + 4 (mod 2p — 1) 
or simply, to 2u%, = 1 + 5?~!(mod 2p — 1). Now 
5P-1 — 5@P-2)/2 = (5/2p — 1) (mod 2p — 1) 
From Theorems 9.9 and 9.10, it is easy to see that 
(5/2p — 1) = @p — 1/5) = (0k + 3/5) = (3/5) = -1 


Last, we arrive at 2u*, = 1+ (—1) = 0(mod 2p — 1), from which it may be concluded 
that 2p — 1 divides u,,. The case p = 4 (mod 5) can be handled in much the same way 
upon noting that (2/5) = —1. 


As illustrations, we mention u;9 = 37-113, where 19 = 4 (mod 5); and u37 = 
73 - 330929, where 37 = 2 (mod 5). 

The Fibonacci numbers provide a continuing source of questions for investiga- 
tion. Here is a recent result: the largest Fibonacci number that is the sum of two fac- 
torials is uw}2 = 144 = 4! + 5!. Another is that the only squares among the Fibonacci 
numbers are uv; = 1 and uy = 12”, with the only other power being ue = pig 


PROBLEMS 14.3 


1. Using induction on the positive integer n, establish the following formulas: 
(a) wy + 2u2 + 3u3 +--+ + nun = (n+ 1)Uny2 — Unya + 2. 
(b) uz + 2u4 + 3u6 + +++ + NU = NU2n41 — Uon- 
2. (a) Show that the sum of the first n Fibonacci numbers with odd indices is given by the 


formula 
Uy + U3 + U5 + +++ + Ugn-1 = U2n 
[Hint: Add the equalities uj = uz, u3 = U4 — U2, Us = Ug — U4, ....] 
(b) Show that the sum of the first n Fibonacci numbers with even indices is given by the 
formula 


U2 + U4 + Ug +--+ + Uon = Ung — 1 


[Hint: Apply part (a) in conjunction with identity in Eq. (2).] 
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(c) Derive the following expression for the alternating sum of the first n > 2 Fibonacci 
numbers: 


Uy — U2 +3 — Ug +--+ (-1)" ay = 14+ (Hn) 


. From Eq. (1), deduce that 


ayia 2 oS Mare 
U2n-1 =U, 2% Un-1 U2n = Uni) Un] n>2 


. Use the results of Problem 3 to obtain the following identities: 


(a) Wes + Tomes = 2U2n-1, n 2 3; 
(b) Wyo + up, = WAuZ + whys) 0 > 2. 


. Establish that the formula 


i emeees 
UnUn-1 = Uj, — u,_, + (—1)" 


holds for n > 2 and use this to conclude that consecutive Fibonacci numbers are 
relatively prime. 


. Without resorting to induction, derive the following identities: 


(a) Us. — 4uy,un_) = Tee n> 3. 
[Hint: Start by squaring both ujz_2 = Up — Up—; aNd Ung = Un + Uy_y.] 
(b) Uns1Un—-1 — Un42Un-2 = 2(- Lye n = 3. 
(Hint: Put un42 = Ung, + Un, Un—2 = Un — Up_ and use Eq. (3).] 
(c) u2 — Un42Uun-2 = (—1)",n = 3. 
[Hint: Mimic the proof of Eq. (3).] 
(d) u2 — Uny3Un_3 = 4(-1)"*!,n > 4. 
(€) Unins1Un43Un44 = ldo —I,n>1. 
[Hint: By part (c), Un pauy = Un +(—1)"*!, whereas by Eq. (3), Unsilln43 = 
wy + (1)? ] 


. Represent the integers 50, 75, 100, and 125 as sums of distinct Fibonacci numbers. 


8. Prove that every positive integer can be written as a sum of distinct terms from the 
sequence U2, U3, U4, ... (that is, the Fibonacci sequence with wu, deleted). 
9. Establish the identity 


10. 


11. 


12. 


13. 


(UnUn43)” = (2Un41Un42)° = (u2n43)° n>1 


and use this to generate five primitive Pythagorean triples. 

Prove that the product u,Un41Un42Un43 Of any four consecutive Fibonacci numbers is 
equal to the area of a Pythagorean triangle. 

[Hint: See the previous problem.] 

From the Binet formula for Fibonacci numbers, derive the relation 


U2n42U2n—1 — U2nU2n41 = 1 n>1 


Forn > 1, show that the product u,_ 12,45 can be expressed as the sum of two squares. 

[Hint: Problem 6(d).] 

(a) Prove that if p = 4k + 3 is prime, then p cannot divide a Fibonacci number with an 
odd index; that is, p { u2n_; for alln > 1. 
[Hint: In the contrary case, ur + ur_, = U2,_; = 0 (mod p). See Problem 12, 
Section 5.3.] 

(b) From part (a) conclude that there are infinitely many primes of the form 4k + 1. 
[Hint: Consider the sequence {u,}, where p > 5 is prime.] 


14. 


15. 


16. 


17. 


18. 


19. 


20. 


21. 


22. 
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Verify that the product u2,U2n+42U2+4 of three consecutive Fibonacci numbers with even 
indices is the product of three consecutive integers; for instance, we have u4ugug = 
504 =7-8-9. 

[Hint: First show that u2,U244 = U5, ya— 1] 

Use Eqs. (1) and (2) to show that the sum of any 20 consecutive Fibonacci numbers is 
divisible by 40. 

For n > 4, prove that u, + 1 is not a prime. 

[Hint: It suffices to establish the identities 


Ugg + 1 = UpE—1 (U2 + Ur2K42) 
Ugg 41 + 1 = wox41Uax—-1 + U2e+41) 
Uge42 + 1 = ure 42(Wre+1 + U2e-1) 
W443 + 1 = wrx41 (ars + Ur2e+43)-] 


The Lucas numbers are defined by the same recurrence formula as the Fibonacci numbers, 
Ly = Ln-1 + Ln-2 n> 3 


but with L; = 1 and L2 = 3; this gives the sequence 1, 3, 4, 7, 11, 18, 29, 47, 76, 123, 
199, 322, .... For the Lucas numbers, derive each of the identities below: 
(a) L)+L22+034+---+L, = Layo —3,n > 1. 
(b) L} +23 +25 4+---+ Loy; = Lo —2,n > 1. 
(c) Lo + La t+ Leo +--+ + Loy = Longi —1,n > 1. 
(d) LF = LypiLn1 + 5(-1)", n > 2. 
(©) Lt Pig Le PE = Beha — 2, = 1. 
(f) ‘Be = be = Ln-1Ln42,n = 2. 
Establish the following relations between the Fibonacci and Lucas numbers: 
(a) Ln = Un+1 + Un—1 = Un + 2Uy_-1, 7 = 2. 
[Hint: Argue by induction on 7.] 
(b) La = Un+2 — Un—2, 7" = 3. 
(©) to, =U, Lys ht = 1. 
(d) Lagi + La-1 = Stn, n > 2. 
(e) L? = u2 + Aunt1Un-1, n > 2. 
(f) 2tmin =UmLn + Latn,m > 1,n > 1. 
(g) gcd(u,, Ln) = 1 or2,n > 1. 
Ifa = (1+ J/5)/2 and B = (1 — J/5)/2, obtain the Binet formula for the Lucas numbers 
Lond Pr n>1 
For the Lucas sequence, establish the following results without resorting to induction: 
(a) L? = Lo, +2(-1)",n > 1. 
(b) LaLnyi — Loy = (-1)",n = 1. 
(c) Li — Ly-iLat1 = 5(—1)",n = 2. 
(d) Lon + 7(—-1)" = Ln-2Lhn42,n = 3. 
Use the Binet formulas to obtain the relations below: 
(a) L? —5u2 =4(-1)",n > 1. 
(b) Lant1 = Suplngi + (—1)",n > 1. 
(c) L2 — u2 = 4un_1Unti,n > 2. 
(d) Luby + Suga = 2Ligin, mM > 1,n > 1. 
Show that the Lucas numbers Ly, Lg, Lie, L32, ... all have 7 as the final digit; that is, 
Ly» = 7 (mod 10) forn > 2. 
[Hint: Induct on the integer n and appeal to the formula L? = L2, + 2(—1)".] 
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23. In 1876, Lucas discovered the following formula for the Fibonacci numbers in terms of 
the binomial coefficients: 


2 (3) CCF 690 


where j is the largest integer less than or equal to (n — 1)/2. Derive this result. 
[Hint: Argue by induction, using the relation uv, = u,_1 + Up_2; note also that 


m m—1 m—1 
(t)=("e')+(Z21)2 
24. Establish that forn > 1, 


(a) @ uy + Co) uz + (5) u3t+---+ (") Un = Urn, 
© —(j)ar ()oa~ GG) t- +0 (|) ae = te 


[Hint: Use the Binet formula for u,, and then the binomial theorem. ] 
25. Prove that 24 divides the sum of any 24 consecutive Fibonacci numbers. 
[Hint: Consider the identity 


Un + Ung +++ + Unsk—1 = Un—1(Ugs1 — 1) + Up(Ugy2 — 1).] 


26. Letn > 2 and m = n}3 — n. Show that u,, is divisible by 30290. 
[Hint: See Problem 1(b) of Section 7.3.] 

27. Forn > 1, prove that the sequence of ratios u,+1/u, approaches a as a limiting value; 
that is, 


[Hint: Employ the relation uz = & + 6x, where |d;| < 5 for allk > 1.] 
28. Prove the following two assertions: 
(a) If p is a prime of the form 5k = 2, then p|u p41. 
[Hint: Mimic the argument in Theorem 14.5, with up+1 replacing up.] 
(b) If p is a prime of the form 5k + 1, then plu p-1. 


CHAPTER 
CONTINUED FRACTIONS 


A mathematician, like a painter or a poet, is a maker of patterns. If his patterns 
are more permanent than theirs, it is because they are made with ideas. 
G. H. HARDY 


15.1 SRINIVASA RAMANUJAN 


From time to time India has produced mathematicians of remarkable power, but 
Srinivasa Ramanujan (1887-1920) is universally considered to have been its greatest 
genius. He was born in the southern Indian town of Erode, near Madras, the son of 
a bookkeeper in a cloth merchant’s shop. He began his single-minded pursuit of 
mathematics when, at the age of 15 or 16, he borrowed a copy of Carr’s Synopsis 
of Pure Mathematics. This unusual book contained the statements of over 6000 
theorems, very few with proofs. Ramanujan undertook the task of establishing, 
without help, all the formulas in the book. In 1903, he won a scholarship to the 
University of Madras, only to lose it a year later for neglecting other subjects in 
favor of mathematics. He dropped out of college in disappointment and wandered the 
countryside for the next several years, impoverished and unemployed. Compelled 
to seek a regular livelihood after marrying, Ramanujan secured (1912) a clerical 
position with the Madras Port Trust Office, a job that left him enough time to continue 
his work in mathematics. After publishing his first paper in 1911, and two more the 
next year, he gradually gained recognition. 

At the urging of influential friends, Ramanujan began a correspondence with the 
leading British pure mathematician of the day, G. H. Hardy. Appended to his letters 
to Hardy were lists of theorems, 120 in all, some definitely proved and others only 
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Srinivasa Ramanujan 
(1887-1920) 


(Trinity College Library, Cambridge) 


conjectured. Examining these with bewilderment, Hardy concluded that “they could 
only be written down by a mathematician of the highest class; they must be true 
because if they were not true, no one would have the imagination to invent them.” 
Hardy immediately invited Ramanujan to come to Cambridge University to develop 
his already great, but untrained, mathematical talent. Up to that time, Ramanujan 
had worked almost totally isolated from modern European mathematics. 

Supported by a special scholarship, Ramanujan arrived in Cambridge in April 
1914. There he had 3 years of uninterrupted activity, doing much of his best work 
in collaboration with Hardy. Hardy wrote to Madras University saying, “He will 
return to India with a scientific standing and reputation such as no Indian has en- 
joyed before.” However, in 1917, Ramanujan became incurably ill. His disease was 
diagnosed at that time as tuberculosis, but it is now thought to have been a severe 
vitamin deficiency. (A strict vegetarian who cooked all of his own food, Ramanujan 
had difficulty maintaining an adequate diet in war-rationed England.) Early in 1919 
when the seas were finally considered safe for travel, he returned to India. In ex- 
treme pain, Ramanujan continued to do mathematics while lying in bed. He died the 
following April, at the age of 32. 

The theory of partitions is one of the outstanding examples of the success of the 
Hardy-Ramanujan collaboration. A partition of a positive integer n is a way of writing 
n as a sum of positive integers, the order of the summands being irrelevant. The 
integer 5, for example, may be partitioned in seven ways:5,4+1,3+2,3+1+41, 
24+2+1,2+14+1+1,1+1+1+1+1. If p(n) denotes the total number of 
partitions of n, then the values of p(n) for the first six positive integers are p(1) = 1, 
p(2) = 2, p(3) = 3, p(4) = 5, p(S) = 7 and p(6) = 11. Actual computation shows 
that the partition function p(7) increases very rapidly with n; for instance, p(200) 
has the enormous value 


p(200) = 3972999029388 
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Although no simple formula for p(n) exists, one can look for an approximate 
formula giving its general order of magnitude. In 1918, Hardy and Ramanujan proved 
what is considered one of the masterpieces in number theory: namely, that for large 
n the partition function satisfies the relation 


ecvn 
n)  —— 
p(n) PERE) 


where the constant c = 1(2/3)'/. Forn = 200, the right-hand side of the previous 
relation is approximately 4 - 10!2, which is remarkably close to the actual value of 
p(200). 

Hardy and Ramanujan proved considerably more. They obtained a fairly com- 
plicated infinite series for p(n) that could be used to calculate p(n) exactly, for any 
positive integer n. When n = 200, the initial term of this series produces the ap- 
proximation 3972998993185.896, agreeing with the first six significant figures of 
p(200); truncated at five terms, the series approximates the exact value with an error 
of 0.004. 

Ramanujan was the first to discover (in 1919) several remarkable congruence 
properties involving the partition function p(n); namely, he proved that 


p(5k + 4) = 0 (mod 5) p(7k + 5) = 0 (mod 7) p(11k + 6) = 0 (mod 11) 


as well as similar divisibility relations for the moduli 52, 77, and 11”, such as 
p(25k + 24) = 0 (mod 5*). These results were embodied in his famous conjec- 
ture: For g = 5,7, or 11, if 24n = 1 (mod q*), then p(n) = 0 (mod g*) for all k > 0. 
From extensive tables of values of p(n), it was later noticed that the conjectured 
congruence relating to powers of 7 is false when k = 3; that is, when n = 243, we 
have 24n = 5832 = 1 (mod 7°), but 


p(243) = 133978259344888 = 245 # 0 (mod 73) 


Yet Ramanujan’s inspired guesses were illuminating even when incorrect, for it is 
now known that if 24n = 1 (mod 7-7), then p(n) = 0 (mod 7*) for k > 2. It was 
proved by Ken Ono in 1999 that partition congruences can be found not only for 5, 
7, and 11, but also for all larger primes. 

In 1915, Ramanujan published an elaborate 63-page memoir on highly compos- 
ite numbers. An integern > 1 is termed highly composite if it has more divisors than 
any preceding integer; in other words, the divisor function T satisfies t(m) < t(n) for 
allm <n. The first 10 highly composite numbers are 2, 4, 6, 12, 24, 36, 48, 60, 120, 
and 180. Ramanujan obtained some surprisingly accurate information concerning 
their structure. It was known that highly composite numbers could be expressed as 


n = 2635"... pk where kj > kn >k3 >--->k;, 


What Ramanujan showed was that the beginning exponents form a strictly decreasing 
sequence k, > ky > k3 > ---, but that later groups of equal exponents occur; and 
that the final exponent k, = 1, except when n = 4 orn = 36, in which case k, = 2. 
As an example, 


6746328388800 = 2° . 34.5%. 77-11-13-17-19-23 
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As a final example of Ramanujan’s creativity, we mention his unparalleled abil- 
ity to come up with infinite series representations for 7. Computer scientists have 
exploited his series 

1 V8 SS (4n)! [1103 + 263907] 


x 9801 & (nl 306% 


to calculate the value of z to millions of decimal digits; each successive term in the 
series adds roughly eight more correct digits. Ramanujan discovered 14 other series 
for 1/2, but he gave almost no explanation as to their origin. The most remarkable 


of these is 

1 Qf2n\* 42n+5 

ae 2 n J12n+4 
This series has the property that it can be used to compute the second block of k 
(binary) digits in the decimal expansion of z without calculating the first k digits. 


15.2 FINITE CONTINUED FRACTIONS 


In that part of the Liber Abaci dealing with the resolution of fractions into unit 
fractions, Fibonacci introduced a kind of “continued fraction.’ For example, he 
employed the symbol ere as an abbreviation for 


+5 
aia ak eee 1 
Gyo 4 ea jas 
The modern practice is, however, to write continued fractions in a descending fashion, 
as with 


1 
1 
1 
hers alt 
a ia ar 
A multiple-decked expression of this type is said to be a finite simple continued 
fraction. To put the matter formally, we give Definition 15.1. 


44 
1 


Definition 15.1. By a finite continued fraction is meant a fraction of the form 


= i 
a, + 
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where do, dj, ..., @, are real numbers, all of which except possibly ag are positive. The 
numbers a), a2, ..., @, are the partial denominators of this fraction. Such a fraction is 
called simple if all of the a; are integers. 


Although giving due credit to Fibonacci, most authorities agree that the theory 
of continued fractions begins with Rafael Bombelli, the last of the great algebraists 
of Renaissance Italy. In his L’Algebra Opera (1572), Bombelli attempted to find 
square roots by means of infinite continued fractions—a method both ingenious and 
novel. He essentially proved that s/13 could be expressed as the continued fraction 


V13=3+ us 
a 
6 = 
16m 


It may be interesting to mention that Bombelli was the first to popularize the work of 
Diophantus in the Latin West. He set out initially to translate the Vatican Library’s 
copy of Diophantus’s Arithmetica (probably the same manuscript uncovered by 
Regiomontanus), but, carried away by other labors, never finished the project. In- 
stead, he took all the problems of the first four Books and embodied them in his 
Algebra, interspersing them with his own problems. Although Bombelli did not dis- 
tinguish between the problems, he nonetheless acknowledged that he had borrowed 
freely from the Arithmetica. 

Evidently, the value of any finite simple continued fraction will always be a 
rational number. For instance, the continued fraction 
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Theorem 15.1. Any rational number can be written as a finite simple continued 
fraction. 


Proof. Let a/b, where b > 0, be an arbitrary rational number. Euclid’s algorithm for 
finding the greatest common divisor of a and b gives us the equations 


a=bajt+r O0<r, <b 
b=ra, +r 0<n<r 
Ty =120a2 + 73 0<17r3<>Pr 


Tn—-2 = Mn-1An-1 + 1n = =O<Tp <Tn-1 
Tn-1 = nn + O 


Notice that because each remainder 7; is a positive integer, a}, a2, ..., @, are all posi- 
tive. Rewrite the equations of the algorithm in the following manner: 


a gel ae 
~~ = 40 > = 40 mys 
b b Db 
r| 
a) 1 
=e = aise 
ry ry at 
r2 
Tr) r3 
=O = G25, 
‘2 i) a 
r3 
MA 
= an 
Tn 


If we use the second of these equations to eliminate b/r, from the first equation, 
then 


it 
Gr = aoe 
r 


In this result, substitute the value of r,/r2 as given in the third equation: 


a i 1 
—--=@ 
5 0 
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Continuing in this way, we can go on to get 


fr 
— =a) 
b 
ay + 


thereby finishing the proof. 
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To illustrate the procedure involved in the proof of Theorem 15.1, let us represent 
19/51 as a continued fraction. An application of Euclid’s algorithm to the integers 


19 and 51 gives the equations 
51=2-19+413 or 51/19 = 2+ 13/19 


19=1-13+6 or 19/13 = 1+ 6/13 
13=2-6+1 or 13/6 =2+ 1/6 
6=6-1+0 or 6/6=1 


Making the appropriate substitutions, it is seen that 


19 1 1 


1+—{ 
2+% 


which is the continued fraction expansion for 19/51. 
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Because continued fractions are unwieldy to print or write, we adopt the conven- 
tion of denoting a continued fraction by a symbol that displays its partial quotients, 
say, by the symbol [ag; a1, ... , a, ]. In this notation, the expansion for 19/51 is indi- 
cated by 


[0;2, 1, 2, 6] 
and for 172/51 = 3 + 19/51 by 
[3; 2, 1, 2, 6] 


The initial integer in the symbol [dg; a1, ... , d,] will be zero when the value of the 
fraction is positive but less than one. 

The representation of a rational number as a finite simple continued fraction is 
not unique; once the representation has been obtained, we can always modify the 
last term. For, if a, > 1, then 


1 
Beare a) tal er a 


where a, — 1 is a positive integer; hence, 


[@9;@1,..., An] = [A0;@1,...,@, — 1, 1] 
On the other hand, if a, = 1, then 
1 1 
Qn—-1 + — =), +> =a-14+1 
An 1 
so that 
[@9; @1,.-+, Qn—1, An] = [@p; 41, ..-, An—2, Qn—1 + 1] 


Every rational number has two representations as a simple continued fraction, one 
with an even number of partial denominators and one with an odd number (it turns 
out that these are the only two representations). In the case of 19/51, 


19/51 =:[0;2,1;2, 6).= (032, 152, 3,1] 


Example 15.1. We go back to the Fibonacci sequence and consider the quotient of 
two successive Fibonacci numbers (that is, the rational number u,,41/u,) written as 
a simple continued fraction. As pointed out earlier, the Euclidean Algorithm for the 
greatest common divisor of u, and u,,1 produces the n — 1 equations 


Unt = 1-uy,+ Un-] 


Un = 1-Un_1 + Un—-2 


ug =1-u3+u2 
u3=2-u2+0 


Because the quotients generated by the algorithm become the partial denominators of 
the continued fraction, we may write 


dled oR Rey 


Un 
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But un+41/Un is also represented by a continued fraction having one more partial de- 
nominator than does [1;1, 1, ..., 1, 2]; namely, 
u 
Se ails Wlawsalicly lg 
Un 
where the integer 1 appears n times. Thus, the fraction u,41/u, has a continued fraction 
expansion that is very easy to describe: There are n — 1 partial denominators all equal 
to 1. 


As a final item on this part of our program, we would like to indicate how the 
theory of continued fractions can be applied to the solution of linear Diophantine 
equations. This requires knowing a few pertinent facts about the “convergents” of a 
continued fraction, so let us begin proving them here. 


Definition 15.2. The continued fraction made from [ao a1, ..., a,] by cutting off the 
expansion after the kth partial denominator a, is called the kth convergent of the given 
continued fraction and denoted by C;; in symbols, 


Cy = [a0; 41, «>, az] l<k<n 


We let the zeroth convergent Cp be equal to the number ao. 


A point worth calling attention to is that for k < n if a, is replaced by the value 
a; + 1/a;,+1, then the convergent C; becomes the convergent Cy+1; 


1 
aoa, ey QR=1, OF 
Ak+1 


= [93 41, --- 5 Qe—-1, Gk, Ae41] = Cet 
It hardly needs remarking that the last convergent C,, always equals the rational 
number represented by the original continued fraction. 


Going back to our example 19/51 = [0; 2, 1, 2, 6], the successive convergents 
are 


Co = 0 
1 1 
1 = [0; 2] ie - 
1 1 
ia 2+; 3 
1 3 
ppt 
144 


C, = [0;2, 1, 2,6] = 19/51 


Except for the last convergent C4, these are alternately less than or greater than 
19/51, each convergent being closer in value to 19/51 than the previous one. 

Much of the labor in calculating the convergents of a finite continued fraction 
[ao; 1, .--.,@n] can be avoided by establishing formulas for their numerators and 
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denominators. To this end, let us define numbers p,; and q, (k =0,1,...,) as 
follows: 

Po = 40 go= 1 

Pi = 41a9 + 1 qi =a 


Pk = Qk Pr-1 + Pr-2 Gk = AkGk-1 + Gk-2 


100 R= 2. Oo ae 


A direct computation shows that the first few convergents of [ao;a),... 


are 
a 
1 qo 
1 ajajp+ 1 
CG ee ee 
aj a) q1 
1 an(ajdg + 1)+a 
C= a+ 1 = Minato _ Be 
oe ee 2a) q2 
a2 


’ an] 


Success hinges on being able to show that this relationship continues to hold. This 


is the content of Theorem 15.2. 


Theorem 15.2. The kth convergent of the simple continued fraction [ao; a1, ... 


has the value 


Get odtv<ken 


qk 


’ an| 


Proof. The previous remarks indicate that the theorem is true for k = 0, 1, 2. Let us 


assume that it is true for k = m, where 2 < m < n; that is, for this m, 


= Pm _ 4m Pm-1 + Pm-2 
dm Am Qm-1 a dm-2 


(1) 


Note that the integers Dm—1, Gm—1, Pm—2» Ym—2 depend on the first m — 1 partial de- 
nominators a1, d2,..., @m,—1 and, hence, are independent of a,,. Thus, Eq. (1) remains 


valid if a, is replaced by the value a, + 1/dm41: 


1 
ay 5s + 
Qn+1 


1 
( a ) Pm-1 5 Pm-2 
Am+1 


1 
(«, + ) dm-1 + dm-2 
Am+1 
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As has been explained earlier, the effect of this substitution is to change C,, into the 
convergent C,,41, so that 


if 
(n + ) Pm-1 ae Pm-2 
Am+1 


1 
(<n + ) Gdm-1 + dm-2 
Am+1 


Am+1(4m Pm-1 ote Pm-2) + Pm-1 
Gm+1(GmQm—1 + Im—2) + Im-1 
_ Om+1Pm + Pm-1 
= Am+19m + Qm-1 


Cri = 


However, this is precisely the form that the theorem should take in the case in which 
k =m +1. Therefore, by induction, the stated result holds. 


Let us see how this works in a specific instance, say, 19/51 = [0;2, 1, 2, 6]: 


Po = 0 and q=1 
pp=0-2+1=1 qi=2 
p2=1-14+0=1 q2a=1-2+1=3 
p3 =2-14+1=3 gga =2-34+2=8 
pya=6-3+1=19 q4=6-8+3=51 


This says that the convergents of [0; 2, 1, 2, 6] are 


l 1 
Cee BSG) eee | eel 
qo gq 2 gq 3 
3 19 
Chast a ea 
qs 8 gz Si 


as we know that they should be. 


The integers p;, and q; were defined recursively for 0 < k < n. We might have 
chosen to put 


p-2 = 0, p-1 = 1 and g-2=1,9-1=0 
One advantage of this agreement is that the relations 
Pk = % Pk-1 + Pk-2 and Uk = Agr-itg-2 k=0,1,2,...,n 
would allow the successive convergents of a continued fraction [d,; a1, ..., a] to 
be calculated readily. There is no longer a need to treat po/qo and p;/q, separately, 


because they are obtained directly from the first two values of k. Itis often convenient 
to arrange the required calculations in tabular form. To illustrate with the continued 
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fraction [2; 3, 1, 4, 2], the work would be set forth in the table 


| ee aes eee | Gs eee 3 4 
ak a3 1 4 2 
Pk 1 I Fare kG 43 95 
a 8601 les 2S. ea 19 42 


Ck 2/1 7/3 «9/4 = 43/19 95/42 


Notice that [2;3, 1, 4, 2] = 95/42. 
We continue our development of the properties of convergents by proving 
Theorem 15.3. 


Theorem 15.3. If C, = px/qx is the kth convergent of the finite simple continued 
fraction [ao; a, ..., dy], then 


PROk-1 — Qe Pe-1 = (- 1)" 1<k<n 
Proof. Induction on k works quite simply, with the relation 
Piqo — 91 Po = (ado + 1)-1— a, -a9 = 1 =(-1)" 1 


disposing of the case k = 1. We assume that the formula in question is also true for 
k =m, where 1 < m <n. Then 


Pm+19m — Qm41Pm = (Gm4iPm + Pm-1)4m 
— (Gn419m + Gm—1) Pm 
= —(Pm9m-1 — ImPm-1) 

= C1 = Cy 


and so the formula holds for m + 1, whenever it holds for m. It follows by induction 
that it is valid for all kK with 1 <k <n. 


A notable consequence of this result is that the numerator and denominator of 
any convergent are relatively prime, so that the convergents are always given in 
lowest terms. 


Corollary. For 1 < k <n, p,x and q, are relatively prime. 


Proof. If d = gcd(px, 9x), then from the theorem, d | (=1)-1: because d > 0, this 
forces us to conclude that d = 1. 


Example 15.2. Consider the continued fraction [0; 1, 1, ..., 1] in which all the partial 
denominators are equal to 1. Here, the first few convergents are 


Co = 0/1 Ce 1/1 G=I1/2 C3 = 2/3 Cr 3) duke: 
Because the numerator of the kth convergent C; is 
Pe = 1+ Pe-1 + Pr-2 = Pe-1 + Pr-2 
and the denominator is 


Qk = 1+ Qe-1 + Qk-2 = Qk-1 + Gk-2 
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it is apparent that 


BE k>2 


Cee 


Uk+1 
where the symbol u; denotes the kth Fibonacci number. In the present context, the 
identity pegx—1 — 9k Pk—-1 = (—1)‘—! of Theorem 15.3 assumes the form 
Uy — Wey ue—1 = (-1)"! 
This is precisely Eq. (3) on page 292. 


Let us now turn to the linear Diophantine equation 
ax+by=c 
where a, b, c are given integers. Because no solution of this equation exists ifd { c, 
where d = gcd(a, b), there is no harm in assuming that d | c. In fact, we need only 
concern ourselves with the situation in which the coefficients are relatively prime. 
For if gcd(a, b) = d > 1, then the equation may be divided by d to produce 
a se b c 
—X a 
did d 
Both equations have the same solutions and, in the latter case, we know that 
gcd(a/d, b/d) = 1. 
Observe, too, that a solution of the equation 
ax+by=c gcd(a, b) = 1 
may be obtained by first solving the Diophantine equation 
ax+by=1 gcd(a, b) = 1 


Indeed, if integers xo and yo can be found for which axg + byo = 1, then multipli- 
cation of both sides by c gives 


a(cxo) + b(cyo) = ¢ 


Hence, x = cxp and y = cypo is the desired solution of ax + by = c. 
To secure a pair of integers x and y satisfying the equation ax + by = 1, expand 
the rational number a/b as a simple continued fraction; say, 


a 
Fale Creer a 
Now the last two convergents of this continued fraction are 
=A a 
dn-1 dn b 


Because gcd(p,, gn) = 1 = gcd(a, b), it may be concluded that 
Poa and Gn = b 

By virtue of Theorem 15.3, we have 
Pnn—1 — InPn—1 = (-1)"* 

or, with a change of notation, 


aqn-1 — bPn-1 = (-1)""' 
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Thus, with x = qgy,_; and y = — pp_;, we have 


ax + by =(-1)"! 


If n is odd, then the equation ax + by = 1 has the particular solution x9 = qy_1, 


y= 
Se 


— Pn—1; whereas if n is an even integer, then a solution is given by x9 = —@n-1, 
Pn—1- Our earlier theory tells us that the general solution is 


x= 29-t y= yo —at tage ke etl Wiis oP sae 


Example 15.3. Let us solve the linear Diophantine equation 
172x + 20y = 1000 


by means of simple continued fractions. Because gcd(172, 20) = 4, this equation may 
be replaced by the equation 


43x + 5y = 250 
The first step is to find a particular solution to 
43x+5y=1 


To accomplish this, we begin by writing 43/5 (or if one prefers, 5/43) as a simple 
continued fraction. The sequence of equalities obtained by applying the Euclidean 
Algorithm to the numbers 43 and 5 is 


43 =8-.5+3 
5=1-3+2 
3=1-24+1 
2=2-1 
so that 
1 
43/5 = [831, 1,2] =8+ i 
1+ j 
Tae 


The convergents of this continued fraction are 
Co-= 8/1 Cy 9/1 Co = 172 C3 = 43/5 


from which it follows that pz = 17, q2 = 2, p3 = 43, and g3 =5. Falling back on 
Theorem 15.3 again, 


P392 — 93P2 = (-1) 
or in equivalent terms, 
43-2-—5-17=1 
When this relation is multiplied by 250, we obtain 
43 - 500 + 5(—4250) = 250 
Thus, a particular solution of the Diophantine equation 43x + 5y = 250 is 
xo = 500 yo = —4250 


CONTINUED FRACTIONS 317 


The general solution is given by the equations 


x = 500+ 5t y = —4250 — 43t p= 0, el eZ) 


Before proving a theorem concerning the behavior of the odd- and even- 
numbered convergents of a simple continued fraction, we need a preliminary lemma. 


Lemma. If g; is the denominator of the kth convergent C; of the simple continued 
fraction [dp;a1,..., Qn], then gx_; < gx for 1 < k <n, with strict inequality when 
k>1. 


Proof. We establish the lemma by induction. In the first place, gg = 1 < a; = qi, so 
that the asserted equality holds when k = 1. Assume, then, that it is true for k = m, 
where 1 < m <n. Then 


Am+1 = 4n+19Um + Qm-1 > Am+19m = 1- dm = Im 


so that the inequality is also true fork = m+ 1. 
With this information available, it is an easy matter to prove Theorem 15.4. 


Theorem 15.4. (a) The convergents with even subscripts form a strictly increasing 
sequence; that is, 


Co < Co < Cy <::: 
(b) The convergents with odd subscripts form a strictly decreasing sequence; that is, 
Cy >C3>C5>-:-: 
(c) Every convergent with an odd subscript is greater than every convergent with an 
even subscript. 
Proof. With the aid of Theorem 15.3, we find that 
Capo — Ce = (Crz2 — Cai) + (Crti — Cr) 
a (2 _ bat) x Ge = ts 
Wk+2  Qk+1 4k+1 Qk 
| k+1 =| k 
Qk+29k+1 — Wk+19k 
— (1 Ge+2 -— 9) 


WkVK+19k42 


Recalling that g; > O for all i > O and that gz42 — qx > 0 by the lemma, it is evident 
that C;,42 — C; has the same algebraic sign as does (— 1). Thus, if k is an even integer, 
say k = 2], then C2;42 > C2;; whence 


Co < Co < Cy <::: 
Similarly, if k is an odd integer, say k = 27 — 1, then C241 < C2j-1; whence 


C; > C3>C5>-::- 
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It remains only to show that any odd-numbered convergent C2,_; is greater than any 
even-numbered convergent C2;. Because prqx—1 — 9k Pk—-1 = Ay upon dividing 
both sides of the equation by g,q,_1, we obtain 


De Pia ey 
dk dk-1 Gkqk-1 


This means that C2; < C2;_1. The effect of tying the various inequalities together is 
that 


Cy — Cy-1 = 


Cos < Castor < Cossar-1 < Cor-1 


as desired. 


To take an actual example, consider the continued fraction [2; 3, 2, 5, 2, 4, 2]. 
A little calculation gives the convergents 


Co=2/1 Ci=7/3 C2=16/7 C3 =87/38 
C1 = 190/83 Cs = 847/370 Co = 1884/823 


According to Theorem 15.4, these convergents satisfy the chain of inequalities 
2 < 16/7 < 190/83 < 1884/823 < 847/370 < 87/38 < 7/3 
This is readily visible when the numbers are expressed in decimal notation: 


2 < 2.28571--- < 2.28915.--- < 2.28918... < 2.28947... < 2.33333--- 


PROBLEMS 15.2 


1. Express each of the rational numbers below as finite simple continued fractions: 
(a) —19/51. 
(b) 187/57. 
(c) 71/55. 
(d) 118/303. 
2. Determine the rational numbers represented by the following simple continued fractions: 
(a) [—2; 2, 4, 6, 8]. 
(be [4525 1,:3,. 1-25-41. 
(6) [03 1525-3; 4352,411. 


3. If r = [ap a), a2, ..., A,], where r > 1, show that 
1 
Set [0; ao, a1, see 5iten | 
Pp 


4. Represent the following simple continued fractions in an equivalent form, but with an 
odd number of partial denominators: 
(a) [0;3,.1,.2, 3]. 
(b) [—1;2, 1, 6, 1]. 
(ce) (233, 1,2,.1,- Ti: 
5. Compute the convergents of the following simple continued fractions: 
(aii 2,353, 2,1]. 
(b) [—3; 1, 1, 1, 1, 3]. 
(c) [0;2, 4, 1, 8, 2]. 


11. 


12. 
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- (a) If Cy = px/qx denotes the kth convergent of the finite simple continued fraction 


[1;2,3,4,...,n,n+ 1], show that 
Pn = MPn-1 + NPn-2 + (n — 1)pn-3 +--+ +3p1 +2p0 + (po + I) 


[Hint: Add the relations po =1, p) =3, pe = (K+ 1)pe_-1 + pez for k = 
Deen 
(b) Illustrate part (a) by calculating the numerator pz, for the fraction [1; 2, 3, 4, 5]. 


- Evaluate px, gx, and Cy (k = 0, 1, ..., 8) for the simple continued fractions below; notice 


that the convergents provide an approximation to the irrational numbers in parentheses: 
(ay [1520 292.229.1472). 


(b) [131, 2, 1, 2, 1, 2, 1, 2] (V3). 
(c) [2;4, 4, 4, 4, 4, 4, 4, 4] (V5). 
(d) [2;2, 4, 2, 4, 2, 4, 2, 4] (/6). 
(e) [2;1, 1, 1,4, 1, 1, 1, 4] (V7). 
- If Ck = px/qx is the kth convergent of the simple continued fraction [a3 a1, ..., dn], 


establish that 
Ga Ye Ceksn 


[Hint: Observe that gx = axqx—1 + Qx—2 > 2Gk-2.] 


. Find the simple continued fraction representation of 3.1416, and that of 3.14159. 
- If Cy = pe/qx is the kth convergent of the simple continued fraction [dp; a), ..., a, ] and 


ap > 0, show that 
Pk 


= [4x3 ax-1,..-, 1, ag] 
Pk-1 
and 
dk 
—— = [@r3 G1, «2.482, 41] 
qk-1 
[Hint: In the first case, notice that 
k eo) 
ts =art+ is 
Pk-1 Pk-1 
= ar + Pear’ ] 
Pk-2 


By means of continued fractions determine the general solutions of each of the following 
Diophantine equations: 

(a) 19x +5ly =1. 

(b) 364x 4+ 227y = 1. 

(c) 18x + 5y = 24. 

(d) 158x —57y = 1. 

Verify Theorem 15.4 for the simple continued fraction [1;1, 1,1, 1, 1, 1, 1]. 


15.3. INFINITE CONTINUED FRACTIONS 


Up to this point, only finite continued fractions have been considered; and these, 
when simple, represent rational numbers. One of the main uses of the theory of 
continued fractions is finding approximate values of irrational numbers. For this, the 
notion of an infinite continued fraction is necessary. 
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An infinite continued fraction is an expression of the form 


by 
ao = b 
2 
ay+ i 
3 
a2 + 
a3 + ibe 
where do, dj, a2,... and bj, bo, b3,... are real numbers. An early example of a 


fraction of this type is found in the work of William Brouncker who converted (in 
1655) Wallis’s famous infinite product 


4 3.3.5-5-7-7-- 


tT. Dear ds O86 eeu 


into the identity 


7 


Both Wallis’s and Brouncker’s discoveries aroused considerable interest, but their 
direct use in calculating approximations to z is impractical. 

In evaluating infinite continued fractions and in expanding functions in con- 
tinued fractions, Srinivasa Ramanujan has no rival in the history of mathematics. 
He contributed many problems on continued fractions to the Journal of the Indian 
Mathematical Society, and his notebooks contain about 200 results on such fractions. 
G. H. Hardy, commenting on Ramanujan’s work, said “On this side [of mathematics] 
most certainly I have never met his equal, and I can only compare him with Euler 
or Jacobi.” Perhaps the most celebrated of Ramanujan’s fraction expansions is his 
assertion that 


oni 5+V5 145 2 1 
2 2 en 
e 


[+ 


fees. 


Part of its fame rests on its inclusion by Ramanujan in his first letter to Hardy in 
1913. Hardy found the identity startling and was unable to derive it, confessing later 
that a proof “completely defeated” him. Although most of Ramanujan’s marvelous 
formulas have now been proved, it is still not known what passage he took to discover 
them. 
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In this section, our discussion will be restricted to infinite simple continued 
fractions. These have the form 


ago+ 


be——— 
az+::: 

where ao, a), a2, ... is an infinite sequence of integers, all positive except possibly 

for do. We shall use the compact notation [do; a, a2, . . .] to denote such a fraction. 

To attach a mathematical meaning to this expression, observe that each of the finite 

continued fractions 


Cw = [40} G1, G2, +++ 1G] n=O 


is defined. It seems reasonable therefore to define the value of the infinite continued 
fraction [do; a1, a2,...] to be the limit of the sequence of rational numbers C,, 
provided, of course, that this limit exists. In something of an abuse of notation, we 
shall use [ao; a), a2, .. .] to indicate not only the infinite continued fraction, but also 
its value. 

The question of the existence of the just-mentioned limit is easily settled. For, 
under our hypothesis, the limit not only exists but is always an irrational number. 
To see this, observe that formulas previously obtained for finite continued fractions 
remain valid for infinite continued fractions, because the derivation of these relations 
did not depend on the finiteness of the fraction. When the upper limits on the indices 
are removed, Theorem 15.4 tells us that the convergents C,, of [ao; a1, @2, . . .] Satisfy 
the infinite chain of inequalities: 


Co = CPC Ne Cayce we Se Coa Re Ss = C5 = Cj 


Because the even-numbered convergents C2, form a monotonically increasing se- 
quence, bounded above by C;, they will converge to a limit a that is greater than 
each C2, Similarly, the monotonically decreasing sequence of odd-numbered con- 
vergents C2,,; 1s bounded below by Co and so has a limit q@’ that is less than 
each C2,+4;. Let us show that these limits are equal. On the basis of the relation 


P2n+192n — G2n+1P2n = (—1)*" we see that 


f P2n4+1 P2n 1 
a — a < Cont) — Con = = 


d2n+1 92n 92n92n+1 


whence, 
: 1 
0<|a’'-a|< <3 
92nQ2n+1 Dn 


Because the q; increase without bound as i becomes large, the right-hand side of this 
inequality can be made arbitrarily small. If w’ and @ were not the same, then a con- 
tradiction would result (that is, 1/ Dn could be made less than the value | a’ — a |). 
Thus, the two sequences of odd- and even-numbered convergents have the same 
limiting value w, which means that the sequence of convergents C,, has the limit a. 
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Taking our cue from these remarks, we make the following definition. 


Definition 15.3. If ao, a,, az, ... is an infinite sequence of integers, all positive except 
possibly ap, then the infinite simple continued fraction [ap; a), a2, .. .] has the value 


lim [403 41, a2, TD a an] 
n->0o 


It should be emphasized again that the adjective “simple” indicates that the 
partial denominators a, are all integers; because the only infinite continued fractions 
to be considered are simple, we shall often omit the term in what follows and call 
them infinite continued fractions. 

Perhaps the most elementary example is afforded by the infinite continued frac- 
tion [1;1, 1, 1,...]. The argument of Example 15.1 showed that the nth convergent 


C, = [1;1,1,..., 1], where the integer 1 appears times, is equal to 
é, = Un+1 0 
Un 


a quotient of successive Fibonacci numbers. If x denotes the value of the continued 
fraction [1;1,1,1,...], then 


, : Un+1 : Un + Un-1 
= him Cy = lm = lim ———— 
noo n>oo Uy n—>0oo Un 
} 1 1 it 
= lim1+ TP ts eee ee cdi 
n . n 
Un-1 noo Un—-] 


2 


This gives rise to the quadratic equation x“ — x — 1 = 0, whose only positive root 


isx=(1+ /5)/2. Hence, 


1 
ee ten 


There is one situation that occurs often enough to merit special terminology. If 
an infinite continued fraction, such as [3; 1, 2, 1, 6, 1, 2, 1, 6,...], contains a block 
of partial denominators b,, bo, ..., b, that repeats indefinitely, the fraction is called 
periodic. The custom is to write a periodic continued fraction 


Cl en: s.r | 


more compactly as 


[a9341, ae, ee aad ge | 
where the overbar indicates that this block of integers repeats over and over. If 
b,, bo, ..., by is the smallest block of integers that constantly repeats, we say that 
by, bo, ..., by is the period of the expansion and that the length of the period is n. 


Thus, for example, [3; 1, 2, 1, 6] would denote [3; 1, 2, 1, 6, 1, 2, 1, 6, ...], a con- 
tinued fraction whose period 1, 2, 1, 6 has length 4. 

We saw earlier that every finite continued fraction is represented by a rational 
number. Let us now consider the value of an infinite continued fraction. 
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Theorem 15.5. The value of any infinite continued fraction is an irrational number. 


Proof. Let us suppose that x denotes the value of the infinite continued fraction 


[a9; 1, a2, ...]; that is, x is the limit of the sequence of convergents 
Pn 
Ci = [a0; a1, a2, Ce) an] — ire 
n 


Because x lies strictly between the successive convergents C, and C,,;1, we have 


Pn+1 a Fa eee 1 
Gn+1 an GnQn+1 


With the view to obtaining a contradiction, assume that x is a rational number; say, 
x = a/b, where a and b > O are integers. Then 


Oe | *— CO.CC. = 


1 

b Qn 4nQn+1 
and so, upon multiplication by the positive number bq,, 
b 


Gn+1 


0< | agn — bpp | < 
We recall that the values of g; increase without bound as 7 increases. If n is chosen so 
large that b < qn+1, the result is 
0 < |aqgn — bpn| < 1 
This says that there is a positive integer, namely | ag, — bp, |, between 0 and 1—an 


obvious impossibility. 


We now ask whether two different infinite continued fractions can represent the 
same irrational number. Before giving the pertinent result, let us observe that the 
properties of limits allow us to write an infinite continued fraction [ao; a, a2, . . .] as 


[a9; a1, a2,...] = lim [ao; a), ..., ay] 
noo 
; 1 
= lim [{ a) + ———————- 
n> 00 [a3 a2,..., An] 
1 
=@Qa _—$—$— $$ 
lim [a1;@2,..., An] 
no 


[a1;.a2, a3,...] 


Our theorem is stated as follows. 


Theorem 15.6. If the infinite continued fractions [ao; a1, az, ...] and [bo; Dy, bo, .. .] 
are equal, then a, = b, for alln > 0. 


Proof. If x = [ao; a), a2, ...], then Co < x < Cj, which is the same as saying that 
ag < x < a) +1/a;. Knowing that the integer a; > 1, this produces the inequality 
ag < x < ao + 1. Hence, [x] = ao, where [x] is the traditional notation for the greatest 
integer or “bracket” function (page 117). 
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Now assume that [d9; a1, d2,...] = x = [bo;)1, bo, ...] or, to put it in a different 
form, 
+ : bo + ; 
a i —— 
oleae autre 
By virtue of the conclusion of the first paragraph, we have ag = [x] = bo, from which it 
may then be deduced that [a1; a2, ...] = [bi; b2, ...]. When the reasoning is repeated, 
we next conclude that aj = b, and that [a2; a3, ...] = [b2; b3, ...]. The process con- 
tinues by mathematical induction, thereby giving a, = b, for alln > 0. 


Corollary. Two distinct infinite continued fractions represent two distinct irrational 
numbers. 


Example 15.4. To determine the unique irrational number represented by the infinite 
continued fraction x = [3; 6, 1, 4], let us write x = [3;6, y], where 


y=[1;54] =(154, y] 
Then 


1 
44- 
vy) 


which leads to the quadratic equation 
4y*-—4y-1=0 


Inasmuch as y > 0 and this equation has only one positive root, we may infer that 


142 
ar, 
From x = [3;6, y], we then find that 
1 25 + 19/2 
e4. 1 8+ 6/2 
ead 
Ds 
_ (25+ 19/2)(8 — 6V2) 
(8 + 6/2)(8 — 6/2) 
_ 4-2 
a 4 
that is, 
44/2 
Be iaie = 


Our last theorem shows that every infinite continued fraction represents a unique 


irrational number. Turning matters around, we next establish that an arbitrary irra- 
tional number xo can be expanded into an infinite continued fraction [do; a), a2, .. .] 
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that converges to the value x9. The sequence of integers dp, a1, a2, ... 1S defined as 
follows: Using the bracket function, we first let 


1 1 1 


SS SS De a er 
xo — [xo] x1 — [x1] x2 — [x2] 


and then take 
ao = [xo] a; = [x] ay = [x2] a3 = [x3]--- 


In general, the a; are given inductively by 


1 
=(%) eH = —— k=0 
XK — Ak 
It is evident that x;,,1 is irrational whenever x; is irrational: thus, because we are 


confining ourselves to the case in which Xo is an irrational number, all x; are irrational 
by induction. Thus, 


0 < x, —ay = x, — [x] < 1 


and we see that 


1 
x1 = —— > 1 
Xk — Ak 
so that the integer ay41 = [%,41] = 1 for all k = O. This process therefore leads to 
an infinite sequence of integers ap, a), a2, ..., all positive except perhaps for ap. 
Employing our inductive definition in the form 


Xe = Ay + —— k>0 
Xk+1 


through successive substitutions, we obtain 


Xo = ag + — 
xX] 


ee 


aa 
X3 


= [a03 41, Q2,.+++; an, Xn41] 


for every positive integer n. This makes one suspect—an4d it is our task to show—that 
Xo is the value of the infinite continued fraction [d9; a1, a2, .. Al 

For any fixed integer n, the first n+ 1 convergents C. = pr/qx, where0 < k <n, 
of [ap; a1, a2, ...] are the same as the first n + 1 convergents of the finite continued 
fraction [ao; a1, @2, -.-, Gn, Xn+1]. If we denote the (n + 2)th convergent of the latter 


326 ELEMENTARY NUMBER THEORY 


by C/,,;, then the argument used in the proof of Theorem 15.2 to obtain C,1 from 


C, by replacing a, by a, + 1/an41 works equally well in the present setting; this 
enables us to obtain C7, 41 from Cy+1 by replacing dy41 by Xn+1: 


/ . 
Xo = C41 = [405 41, a2, ..-, Qn, Xn+1] 


_ Xn+1Pn age esl 
Xn419n + Qn-1 


Because of this, 


Xn+1Pn + Pn-1 = Py 


Xo — C => 
Xn+19n + Yn-1 an 
ae (—1)(Pngn-1 = QnPn-1) -_ (—1? 
(Xn419n =f Qn—1)4n (Xn+419n + Qn—1)9n 


where the last equality relies on Theorem 15.3. Now x,41 > dy,+1, and therefore 


1 1 1 
——SSS EES < oo rr 
(Xn419n + Qn—1)4n (Gn419n + Qn—1)9n Gn+19n 


|xo -C,| = 


Because the integers g; are increasing, the implication is that 


Xo = lim C, = [a3 41, a2, ...] 
n—->O 


Let us sum up our conclusions in Theorem 15.7. 
Theorem 15.7. Every irrational number has a unique representation as an infinite con- 


tinued fraction, the representation being obtained from the continued fraction algorithm 
described. 


Incidentally, our argument reveals a fact worth recording separately. 


Corollary. If p,/q, is the nth convergent to the irrational number x, then 


1 1 


Gnt+19n 9 


Pn 
x-— 


Qn 


We give two examples to illustrate the use of the continued fraction algorithm 
in finding the representation of a given irrational number as an infinite continued 
fraction. 


Example 15.5. For our first example, consider x = /23 © 4.8. The successive irra- 
tional numbers x; (and therefore the integers a; = [x;,]) can be computed rather easily, 
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with the calculations exhibited below: 


xo = V23 = 44+ (V23 —-4) ap = 4 

1 1 423+ 4 23 — 3 
xy = Fo = 1 YH a,=1 

xo—[xo] J23-4 7 7 

1 7 23 + 3 qe —3 3 
i a ee —| ——_— ag=s 
ne eee kee 2 2 : 

1 2 23+ 3 (eee 1 
v= erorOq—- = —_—_—_——_ = ——- a= 
ae 23 —3 7 7 : 


= 1 - ‘| 
x3 bs] 23-4 
Because x5 = x1, also x6 = X2, X7 = X3, X3 = x4; then we get X9 = x5 = x), and so 
on, which means that the block of integers 1, 3, 1, 8 repeats indefinitely. We find that 
the continued fraction expansion of /23 is periodic with the form 
Wes =A Bee sale 
= [4;1, 3, 1, 8] 


= V7234+4=8+(V23-4) a=8 


X4 


Example 15.6. To furnish a second illustration, let us obtain several of the convergents 
of the continued fraction of the number 


mw = 3.141592653 - - - 


defined by the ancient Greeks as the ratio of the circumference of a circle to its diameter. 
The letter 2, from the Greek word perimetros, was never employed in antiquity for this 
ratio; it was Euler’s adoption of the symbol in his many popular textbooks that made 
it widely known and used. 

By straightforward calculations, we see that 


Xo = = 3+ @ — 3) ay = 3 
1 1 
a 70995 1380 = 
Perel = sas 8 265s a 
1 1 
gee pS OSU AIO =i 
2° eigal 106251380 ae = 
1 1 
Dy ee a ES ONE UG ae a4 
%—bm]  0.99659440--- 
1 1 
= = 292.63467--- a4, = 292 


%3—[%3]  0.00341723- 


Thus, the infinite continued fraction for 7 starts out as 
mn = (55h 191, 29204 e 1 


but, unlike the case of 23 in which all the partial denominators a, are explicitly 
known, there is no pattern that gives the complete sequence of a,. The first five 
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convergents are 
3 22 333 355 103993 


As acheck on the Corollary to Theorem 15.7, notice that we should have 
22) 4 
ad 7 
Now 314/100 < a < 22/7, and therefore 
| 22 22 314 1 
ee ae i 


= < 


< = < 
7 7 100 7-50 7 


as expected. 


Unless the irrational number x assumes some very special form, it may be 
impossible to give the complete continued fraction expansion of x. We can prove, 
for instance, that the expansion for x becomes ultimately periodic if and only if 
x is an irrational root of a quadratic equation with integral coefficients, that is, 
if x takes the form r + s/d, where r and s # (0) are rational numbers and d is 
a positive integer that is not a perfect square. But among other irrational numbers, 
there are very few whose representations seem to exhibit any regularity. An exception 
is another positive constant that has occupied the attention of mathematicians for 
many centuries, namely, 


é = 2.718281828 - - - 
the base of the system of natural logarithms. In 1737, Euler showed that 


e-—1 
= [0;2, 6, 10, 14, 18,... 
e+1 | eee 
where the partial denominators form an arithmetic progression, and that 
es] 
—— = [0;1,3,5,7,9,... 
er+1 ! 


The continued fraction representation of e itself (also found by Euler) is a bit more 
complicated, yet still has a pattern: 


Ca 2 lee Oval le acell 


with the even integers subsequently occurring in order and separated by two 1’s. 
With regard to the symbol e, its use is also original with Euler: it appeared in print 
for the first time in one of his textbooks. 

In the introduction to analysis, it is usually demonstrated that e can be defined 
by the infinite series 


= 1 1 1 1 
c= ao Moat a 
If the reader is willing to accept this fact, then Euler’s proof of the irrationality of e 
can be given very quickly. Suppose to the contrary that e is rational, say e = a/b, 
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where a and D are positive integers. Then for n > b, the number 


iS a positive integer because multiplication by n! clears all the denominators. When 
e is replaced by its series expansion, this becomes 


1 1 1 
N="(Contaem tase) 


1 1 ] 
a (GNC) Geb Das 
1 ] 1 


=a: GEG) GEEDGES 


= 1 1 1 ze 1 1 a 
eee aa n+1 n+2 n+2 n+3 


ph 
n+1 
Because the inequality 0 < N < 1 is impossible for an integer, e must be irrational. 
The exact nature of the number z offers greater difficulties; J. H. Lambert (1728- 
1777), in 1761, communicated to the Berlin Academy an essentially rigorous proof 
of the irrationality of z. 

Given an irrational number x, a natural question is to ask how closely, or with 
what degree of accuracy, it can be approximated by rational numbers. One way of 
approaching the problem is to consider all rational numbers with a fixed denominator 
b > 0. Because x lies between two such rational numbers, say c/b < x < (c + 1)/b, 
it follows that 


<1 


$<; 

—_— < — 

* pl b 
Better yet, we can write 

| a 1 

LS | = 

b 2b 


where a = c or a =c +1, whichever choice may be appropriate. The continued 
fraction process permits us to prove a result that considerably strengthens the last- 
written inequality, namely: Given any irrational number x, there exist infinitely many 
rational numbers a/b in lowest terms that satisfy 
a 

step 
In fact, by the corollary to Theorem 15.7, any of the convergents p,/q, of the 
continued fraction expansion of x can play the role of the rational number a/b. The 
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forthcoming theorem asserts that the convergents p,/q, have the property of being 
the best approximations, in the sense of giving the closest approximation to x among 
all rational numbers a/b with denominators q,, or less. 

For clarity, the technical core of the theorem is placed in the following lemma. 


Lemma. Let p,/q, be the nth convergent of the continued fraction representing the 
irrational number x. If a and b are integers, with 1 < b < qy+1, then 


IQnX — Pn| <|bx —a| 


Proof. Consider the system of equations 


Pno& + Pn+iB =a 
Gn + Gn4i1B = b 


As the determinant of the coefficients is Pn9n+41 — QnPn+1 = (—1)""!, the system has 
the unique integral solution 


a = (—1)"*!(agn41 — bPnti) 
B = (-1)"*! (bpp — agn) 


It is well to notice that a 4 0. In fact, a = 0 yields dqn41 = bpny; and, because 
gcd(pPnii, 9n+1) = 1, this means that g,41|b or b > Gnii, which is contrary to the 
hypothesis. In the event that 6 = 0, the inequality stated in the lemma is clearly true. 
For B = O leads toa = p,a, b = qna and, as a result, 


|bx —a|=|a||anx — Pal = 14nx — Pn | 


Thus, there is no harm in assuming hereafter that 6 4 0. 

When 6 + 0, we argue that a and 6 must have opposite signs. If 6 < 0, then 
the equation g,a@ = b — qni1B indicates that g,a > 0 and, in turn, a > 0. On the 
other hand, if 6 > 0, then b < g,4; implies that b < Bqn41, and therefore ag, = 
b — qn4iB < 0; this makes a < 0. We also infer that, because x stands between the 
consecutive convergents p,/@n and Pn+1/Gn41; 


GnX — Pn and Qn+1% — Pn+1 


will have opposite signs. The point of this reasoning is that the numbers 


(Gn = Pn) and BQn+ix _ Pn+1) 


must have the same sign; in consequence, the absolute value of their sum equals the 
sum of their separate absolute values. It is this crucial fact that allows us to complete 
the proof quickly: 
|bx —a| =| (no + Gn41B)X — (Pa® + Pn+iB) | 
= |@(@nx — Pn) + B@n41X — Pn+1)| 
=| |Gnx — Pal +181 1@n4ix — Pasi | 
> |@||Gnx — Pn | 


= |nX — Pn | 


which is the desired inequality. 
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The convergents p,/q, are best approximations to the irrational number x in 
that every other rational number with the same or smaller denominator differs from 


x by a greater amount. 


Theorem 15.8. If 1 < b < qn, the rational number a/b satisfies 


raed 
an Sees, | = Se 
| Ta et ae: 
Proof. If it were to happen that 
| = Bh le= S| 
Qn b 
then 
a 
\dnx — Pal = qn |x— 22] > b]x- S| = [bx —a 


violating the conclusion of the lemma. 


Historians of mathematics have focused considerable attention on the attempts 
of early societies to arrive at an approximation to 7, perhaps because the increas- 
ing accuracy of the results seems to offer a measure of the mathematical skills of 
different cultures. The first recorded scientific effort to evaluate 2 appeared in the 
Measurement of a Circle by the great Greek mathematician of ancient Syracuse, 
Archimedes (287-212 B.c.). Substantially, his method for finding the value of z 
was to inscribe and circumscribe regular polygons about a circle, determine their 
perimeters, and use these as lower and upper bounds on the circumference. By this 
means, and using a polygon of 96 sides, he obtained the two approximations in the 
inequality 


223/71 <a < 22/7 


Theorem 15.8 provides insight into why 22/7, the so-called Archimedean value 
of 7, was used so frequently in place of 7; there is no fraction, given in lowest terms, 
with a smaller denominator that furnishes a better approximation. Whereas 


(ioe = = 0.0012645 and > = = =~ 0.0007476 


Archimedes’ value of 223/71, which is not a convergent of 27, has a denominator 
exceeding q; = 7. Our theorem tells us that 333/106 (a ratio for 2 employed in 
Europe in the 16th century) will approximate 2 more closely than any rational 
number with a denominator less than or equal to 106; indeed, 


333 
mz — —— | &© 0.0000832 
106 
Because of the size of g4 = 33102, the convergent p3/q3 = 355/113 allows one 
to approximate 2 with a striking degree of accuracy; from the corollary to 
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Theorem 15.7, we have 


355 1 3 
1 < —————__. < — 
113 113 - 33102 107 


The noteworthy ratio of 355/113 was known to the early Chinese mathematician 
Tsu Chung-chi (430-501); by some reasoning not stated in his works, he gave 22/7 
as an “inaccurate value” of z and 355/113 as the “accurate value.” The accuracy of 
the latter ratio was not equaled in Europe until the end of the 16th century, when 
Adriaen Anthoniszoon (1527-1617) rediscovered the identical value. 

This is a convenient place to record a theorem that says that any “close” (in a 
suitable sense) rational approximation to x must be a convergent to x. There would 
be a certain neatness to the theory if 


Fl <s 
x--|<=> 
b b2 
implied that a/b = p,/qn for some n; although this is too much to hope for, a slightly 
sharper inequality guarantees the same conclusion. 


Theorem 15.9. Let x be an arbitrary irrational number. If the rational number a/b, 
where b > 1 and gcd(a, b) = 1, satisfies 


Beaks 
x--|<= 
b 2b? 
then a/b is one of the convergents p,,/q, in the continued fraction representation of x. 
Proof. Assume that a/b is not a convergent of x. Knowing that the numbers gq; form 


an increasing sequence, there exists a unique integer n for which g, < b < qn41. For 
this n, the last lemma gives the first inequality in the chain 


a 1 
eee eee 
|QnX — Pn| <|bx —a| 5 | 
which may be recast as 
Pn 1 
x-—|< 
Qn |  2bqn 


In view of the supposition that a/b # p,/qn, the difference bp, — ag, 1s a nonzero 
integer, whence | < | bp, — aq, |. We are able to conclude at once that 


aN 2 ane a eee 
bdn ban an b an b 2b4gn 2b? 


This produces the contradiction b < q,, ending the proof. 


< 


ieee les 


PROBLEMS 15.3 


1. Evaluate each of the following infinite simple continued fractions: 
(a) [2;3]. 
(b) [0; 1, 2, 3]. 
(c) [2;1, 2, 1]. 


10. 


11. 
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(G)1[1 2341. 
(e) [1;2, 1, 2, 12]. 


. Prove that if the irrational number x > 1 is represented by the infinite continued fraction 


[a0; 41, a2, ...], then 1/x has the expansion [0; do, a1, a2, ...]. Use this fact to find the 
value of [0; 1, 1,1,...] = [05 1]. 


. Evaluate [1;2, 1] sid [1;2, 3, 1]. 
. Determine the infinite continued fraction representation of each irrational number below: 


(a) V5. 
(b) V7. 
ieee ee 


s+ /5) 


(d) ———— 
ea 


eer ees 


. (a) For any positive integer n, show that /n? + 1 = [n;2n], /n? + 2 = [n;n, 2n] and 
aes g J 


n2 + 2n = [n;1, 2n]. 
[Hint: Notice that 


n+vV¥n24+1=2n+ (Vn? +1—-—n) = 22 + ———— aS 
n n 


(b) Use part (a) to obtain the continued fraction representations of /2, /3, /15, and 
/ 37. 


. Among the convergents of /15, find a rational number that approximates 15 with 


accuracy to four decimal places. 


. (a) Find a rational approximation to e = [2;1, 2, 1,1, 4,1, 1, 6, ...] correct to four dec- 


imal places. 
(b) If a and b are positive integers, show that the inequality e < a/b < 87/32 implies 
that b > 39. 


. Prove that of any two consecutive convergents of the irrational number x, at least one, 


a/b, satisfies the inequality 


a 
als 
[Hint: Because x lies between any two consecutive convergents, 
Pnt1 _ Pn 


QnQn+1 Qn+1 Qn 
Now argue by contradiction. ] 


Pn+1 
Gn+l 


alee 


. Given the infinite continued fraction [1;3, 1,5, 1,7, 1,9, ...], find the best rational ap- 


proximation a/b with 

(a) denominator b < 25. 

(b) denominator b < 225. 

First show that | (1 + /10)/3 — 18/13| < 1/(2- 13) and then verify that 18/13 is a 
convergent of (1 + /10)/ i 

A famous theorem of A. Hurwitz (1891) says that for any irrational number x, there exist 
infinitely many rational numbers a/b such that 


Eee a a 
5b? 


Taking x = 7, obtain three rational numbers satisfying this inequality. 
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12. Assume that the continued fraction representation for the irrational number x ultimately 
becomes periodic. Mimic the method used in Example 15.4 to prove that x is of the form 
r + s\/d, where r and s 0 are rational numbers and d > 0 is a nonsquare integer. 

13. Let x be an irrational number with convergents p,/q,. For every n > 0, verify the fol- 
lowing: 
(a) 


24n9n+1 dn 9nQn+1 ; : 
(b) The convergents are successively closer to x in the sense that 


< 


| Pact 
SS = —————— 


[Hint: Rewrite the relation 


Xn+1Pn ao Pn-1 
Xn+19n i Gn-1 


as Xn41(Xn oa Pn) — —Gn-1(x - Pn—1/4n-1)-] 


15.4 FAREY FRACTIONS 


Another approach to approximating real numbers by rationals uses what is known 
as Farey fractions, or the Farey sequence. For a positive integer n, these are defined 
as follows: 


Definition 15.4. The Farey fractions of order n, denoted F,,, are a set of rational num- 
bers z with 0 < r < s <n and gcd(r, s) = 1. They are written in order of increasing 
size. The first few F,, are 


fy = 


14°3°2°3"4' 1 
Re 0 see lnetea ie ene a ac She ees a | 
2a 1 504-53. 5 ees ee 
R= Oa Tok a2 es 2 A 
Oca GS aes SS Se ASS I 
Notice that the fractions that occur in any F,, will thereafter occur in any F,,, form > n. 
Farey fractions have a curious history. The English geologist John Farey (1766— 
1826) published, without proof, several properties of this series of fractions in the 
Philosophical Magazine in 1816. The mathematician Augustin Cauchy saw the article 
and supplied the demonstrations later in the same year, naming the fractions after Farey. 
It subsequently turned out that C. H. Haros had proved the results 14 years earlier, in the 
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Journal de l’Ecole Polytechnique. Farey, of course, had never claimed to have proved 
anything. 

We begin our investigation with one of the results stated by Farey but established 
earlier by Haros. 


Theorem 15.10. If ¢ < 4 are consecutive fractions in the Farey sequence F,,, then 
be — ad = 1. 


Proof. Because gcd(a, b) = 1, the linear equation bx — ay = 1 has asolution x = xo, 
y = yo. Moreover, x = x9 +. at, y = yo + bt will also be a solution for any integer ¢. 
Choose t = fg so that 


O<n-—b<yotbit<n 
and set x = x9 + bto, y = yo + btp. Since y <n, = will be a fraction in F,,. Also, 


x a 1 a 


y bby b 


so that = occurs later in the Farey sequence than ¢. If > 4 £, then > £ and we obtain 
y seq b d d 
y y y 


as well as 


Adding the two inequalities gives 


x a 1 1 b+y 


y b-dy bd bdy 
But b+ y > n (recall that n — b < y) andd < n, resulting in the contradiction 


1 bx-ay x a_bty ge 


by by yb bdy ~ bdy ~ by 


Thus, a = _ and the equation bx — ay = 1 becomes bc — ad = 1. 


If ¢ < 4 are two fractions in the Farey sequence F,,, we define their mediant 


fraction to be the expression ge . Theorem 15.10 allows us to conclude that the 


d 
mediant lies between the given fractions. For the relations 
a(b+d)— b(a+c)=ad—bc <0 
(a+c)d—(b+d)c =ad —bc <0 


together imply that 
a a+c Cc 
— < — 
b b+d d 
Notice that if : < 7 are consecutive fractions in F,,andb +d <n, then the mediant 


would be a member of F,, lying between them, an obvious contradiction. Thus, for 
successive fractions,b+d>n-+1. 


336 ELEMENTARY NUMBER THEORY 


It can be shown that those fractions that belong to F;,,; but not to F,, are mediants 
of fractions in F,,. In passing from Fy to F's, for instance, the new members are 


1 O+1 2 141 3 142 4 341 


Sn Oe ere ey) oe ae ee 
This enables one to build up the sequence F,,,; from F,, by inserting mediants with 
the appropriate denominator. 

In using the mediant of two fractions in F, to obtain a new member of F,,+1, 
the three fractions need not be consecutive in F,,,; (consider 5 < : < $ in Fg). We 
can say that if $ < § < F are three consecutive fractions in any Farey sequence, 
then 5 is the mediant of ¢ and F For, appealing once more to Theorem 15.10, the 


equations 
be -—ad=1 de-cf =1 
lead to (a + e)d = c(b + f). It follows that 


Cc at+e 
d b+f 
which is the mediant of ; and F As an illustration, the three fractions ‘ < 2 < : 


are consecutive in Fg with < = ait. 


Let us apply some of these ideas to show how an irrational number can be 
approximated, relatively well, by a rational number. 


Theorem 15.11. For any irrational number 0 < x < 1 and integern > 0, there exists 
a fraction * in F, such that |x — “| < 


1 
v(n+1)° 


Proof. In the Farey sequence F,,, there are consecutive fractions ¢ < 4 such that either 


a a+c at+c Cc 
bee sper Rea oy = a 
where ae is the mediant of the two fractions. Because we know bc — ad = 1 and 
b+d>n-+1, we can see that either 
a a+c a bc — ad 1 
eR Bea we HO OED 
or 
c ate bc — ad 1 
Eo eg bee eae) dace 
Depending on the case, take “ = f or ¢ = §. 


This result can be extended beyond the unit interval with the following corollary. 


Corollary. Given a positive irrational number x and an integer > 0, there is a rational 


a ws a 1 
number | with 0 < b <n such that |x — | < bat: 
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Proof. The greatest integer function allows us to write x = [x] +r where 0 <r < 1. 
By the theorem, there is a fraction . for which 


eles 

r——| < —— 
vn+1) 

Taking a = [x]v + uv and b = v, it follows that 


4: [x]v +u 
v 


| “| 1 1 
= |r -—-—-| << —— = —— 
v vn+1) ba+1) 


aa 

Rae ee 
b 

Hence everything is proved. 


We finish with an example illustrating the corollary. 


Example 15.7. Let us determine a fraction : withO < b < 5 such that i. — al < zs: 


The greatest integer function yields [V7] — 2 = 0.64755.... For the Farey sequence 
Fs, the value 0.64755... lies in the interval between consecutive fractions 2 and z. 
The mediant of the two fractions is 3 = 0.625 so that 3 < 0.64755....It follows from 
Theorem 15.11 that 


1 


0164785<..= 2 < —— 
6-3 


3 


The argument employed in the corollary shifts this inequality into 


7 


<—_— 


6-3 


so that 8 is the fraction sought. 


PROBLEMS 15.4 


1. List in ascending order the fractions that appear in the Farey sequences F7 and Fs. 
2. In terms of the Euler ¢-function, show that the number of fractions in the Farey sequence 
F, is 1+ (01) + (2) +---+(n). 


3. If ¢ < 7 are consecutive fractions in the sequence F,,, prove that either b > 5 ord > 


4. Verify that if ¢ < 4 are two fractions in F,, adjacent to +, then? + 7=1. 

5. Obtain the immediate successor to the fraction 3 in the Farey sequence F,. 
[Hint: Use the initial part of Theorem 15.10.] 

6. Find a fraction ¢, with 0 < b < 7, such that |/3 — 


| 
7. Obtain a fraction = with 0 < b < 8, satisfying |x — al < 


n 
2° 


15.5 PELL’S EQUATION 


What little action Fermat took to publicize his discoveries came in the form of 
challenges to other mathematicians. Perhaps he hoped in this way to convince 
them that his new style of number theory was worth pursuing. In January of 1657, 
Fermat proposed as a challenge to the European mathematical community—thinking 
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probably in the first place of John Wallis, England’s most renowned practitioner be- 
fore Newton—a pair of problems: 


1. Find a cube which, when increased by the sum of its proper divisors, becomes a 
square; for example, 7° + (1 + 7+ 77) = 20°. 

2. Find a square which, when increased by the sum of its proper divisors, becomes 
a cube. 


On hearing of the contest, Fermat’s favorite correspondent, Bernhard Frénicle de 
Bessy, quickly supplied a number of answers to the first problem; typical of these 
is (2-3-5-13-41-47)°, which when increased by the sum of its proper divisors 
becomes (27 - 3* - 5% - 7-13-17 - 29)”. While Frénicle advanced to solutions in still 
larger composite numbers, Wallis dismissed the problems as not worth his effort, 
writing, “Whatever the details of the matter, it finds me too absorbed by numerous 
occupations for me to be able to devote my attention to it immediately; but I can 
make at this moment this response: The number 1 in and of itself satisfies both 
demands.” Barely concealing his disappointment, Frénicle expressed astonishment 
that a mathematician as experienced as Wallis would have made only the trivial 
response when, in view of Fermat’s stature, he should have sensed the problem’s 
greater depths. 

Fermat’s interest, indeed, lay in general methods, not in the wearying compu- 
tation of isolated cases. Both Frénicle and Wallis overlooked the theoretic aspect 
that the challenge problems were meant to reveal on careful analysis. Although the 
phrasing was not entirely precise, it seems clear that Fermat had intended the first of 
his queries to be solved for cubes of prime numbers. To put it otherwise, the problem 
called for finding all integral solutions of the equation 


l+x4tx74+x7 =y’ 
or equivalently, 
(l+x)(1 +x) = y* 


where x is an odd integer. Because 2 is the only prime that divides both factors on 
the left-hand side of this equation, it may be written as 


ab = (2) gcd(a, b) = 1 


But if the product of two relatively prime integers is a perfect square, then each of 
them must be a square; hence, a = u*, b = v2 for some u and v, so that 


1+x =2a =2u? 14x? =2b=2v? 


This means that any integer x that satisfies Fermat’s first problem must be a solution 
of the pair of equations 


x =2u?-1 x? =2v?-1 


the second being a particular case of the equation x” = dy” + 1. 
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In February 1657, Fermat issued his second challenge, dealing directly with the 
theoretic point at issue: Find a number y that will make dy” + 1 a perfect square, 
where d is a positive integer that is not a square; for example, 3 - 17 + 1 = 2? and 
5.441 = 9. If, said Fermat, a general rule cannot be obtained, find the small- 
est values of y that will satisfy the equations 6ly” + 1 = x*; or 109y? +. 1 = x”. 
Frénicle proceeded to calculate the smallest positive solutions of x? — dy? = 1 for 
all permissible values of d up to 150 and suggested that Wallis extend the table to 
d = 200 or at least solve x” — 151y? = 1 and x? — 313y? = 1, hinting that the sec- 
ond equation might be beyond Wallis’s ability. In reply, Wallis’s patron Lord William 
Brouncker of Ireland stated that it had only taken him an hour or so to discover 
that 


(126862368)* — 313(7170685)? = —1 


and therefore y = 2-7170685 - 126862368 gives the desired solution to 
x* — 313 ye = 1; Wallis solved the other concrete case, furnishing 


(1728148040)? — 151(140634693)? = 1 


The size of these numbers in comparison with those arising from other values 
of d suggests that Fermat was in possession of a complete solution to the problem, 
but this was never disclosed (later, he affirmed that his method of infinite descent 
had been used with success to show the existence of an infinitude of solutions 
of x* — dy” = 1). Brouncker, under the mistaken impression that rational and not 
necessarily integral values were allowed, had no difficulty in supplying an answer; 
he simply divided the relation 


(r? +d)’ — d(2ry = (r? — dy 
by the quantity (r? — d)* to arrive at the solution 
a) r-+d 2r 
— ped 


Xx 


where r # J/d is an arbitrary rational number. This, needless to say, was rejected by 
Fermat, who wrote that “solutions in fractions, which can be given at once from the 
merest elements of arithmetic, do not satisfy me.” Now informed of all the conditions 
of the challenge, Brouncker and Wallis jointly devised a tentative method for solving 
x* — dy* = 1 inintegers, without being able to give a proof that it will always work. 
Apparently the honors rested with Brouncker, for Wallis congratulated Brouncker 
with some pride that he had “preserved untarnished the fame that Englishmen have 
won in former times with Frenchmen.” 

After having said all this, we should record that Fermat’s well-directed effort 
to institute a new tradition in arithmetic through a mathematical joust was largely 
a failure. Save for Frénicle, who lacked the talent to vie in intellectual combat with 
Fermat, number theory had no special appeal to any of his contemporaries. The 
subject was permitted to fall into disuse, until Euler, after the lapse of nearly a 
century, picked up where Fermat had left off. Both Euler and Lagrange contributed 
to the resolution of the celebrated problem of 1657. By converting \/d into an infinite 
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continued fraction, Euler (in 1759) invented a procedure for obtaining the smallest 
integral solution of x* — dy? = 1; however, he failed to show that the process leads 
to a solution other than x = 1, y = 0. It was left to Lagrange to clear up this matter. 
Completing the theory left unfinished by Euler, in 1768 Lagrange published the 
first rigorous proof that all solutions arise through the continued fraction expansion 
of Jd. 

As a result of a mistaken reference, the central point of contention, the equation 
x* — dy” = 1, has gone into the literature with the title “Pell’s equation.” The erro- 
neous attribution of its solution to the English mathematician John Pell (1611-1685), 
who had little to do with the problem, was an oversight on Euler’s part. On a cur- 
sory reading of Wallis’s Opera Mathematica (1693), in which Brouncker’s method 
of solving the equation is set forth as well as information as to Pell’s work on 
Diophantine analysis, Euler must have confused their contributions. By all rights we 
should call the equation x? — dy* = 1 “Fermat’s equation,” for he was the first to 
deal with it systematically. Although the historical error has long been recognized, 
Pell’s name is the one that is indelibly attached to the equation. 

Whatever the integral value of d, the equation x* — dy”? = 1 is satisfied trivially 
by x = +1, y =0.Ifd < —1, then x* — dy” > 1 (except when x = y = 0) so that 
these exhaust the solutions; when d = —1, two more solutions occur, namely, x = 0, 
y = +1. The case in which d is a perfect square is easily dismissed. For if d = n” 
for some n, then x? — d y? = 1 can be written in the form 


(x + ny)(x —ny) = 1 
which is possible if and only if x + ny = x —ny = +1; it follows that 


po SES) =. 
2 


and the equation has no solutions apart from the trivial ones x = +1, y = 0. 

From now on, we shall restrict our investigation of the Pell equation x” — dy? = 1 
to the only interesting situation, that where d is a positive integer that is not a square. 
Let us say that a solution x, y of this equation is a positive solution provided both x 
and y are positive. Because solutions beyond those with y = 0 can be arranged in 
sets of four by combinations of signs +x, +y, it is clear that all solutions will be 
known once all positive solutions have been found. For this reason, we seek only 
positive solutions of x* — dy* = 1. 

The result that provides us with a starting point asserts that any pair of posi- 
tive integers satisfying Pell’s equation can be obtained from the continued fraction 
representing the irrational number /d. 


+1 


Theorem 15.12. If p,q isa positive solution of x? — dy* = 1, then p/q isaconvergent 
of the continued fraction expansion of Jd ; 


Proof. In light of the hypothesis that p* — dq* = 1, we have 
(p —qvd\(p + qV ad) = 1 


CONTINUED FRACTIONS 
implying that p > q as well as that 
LY Fae 
q q(p + qvd) 
As a result, 
d d 1 


d< = = 
q qiqqVd+qvVd) 2q?Vd_—_2q? 


A direct appeal to Theorem 15.9 indicates that p/gq must be a convergent of Jd. 
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In general, the converse of the preceding theorem is false: not all of the con- 
vergents Dy/qdn of /d supply solutions to x2 — dy” = 1. Nonetheless, we can say 


something about the size of the values taken on by the sequence p? — dq?. 


Theorem 15.13. If p/q is a convergent of the continued fraction expansion of Vd, 


then x = p, y = q is a solution of one of the equations 
x7 —-dy =k 


where |k| < 1 + 2d. 


Proof. If p/q is a convergent of Vd, then the corollary to Theorem 15.7 guarantees 


that 
1 


<-—_ 


as 
q| @ 


and therefore 
1 
|p -—qvd|<-— 
q 
This being so, we have 


|p +qVd|=|(p — qvd) + 2qva | 
<|p—qvd|+|2qvad| 


1 
<—+29qVd <(1+2Vd)q 
q 
These two inequalities combine to yield 
| p> —dq?| =|p—4qvd\|p+qvd| 


1 
< a + 2V/d)q 
=1+2Vd 


which is precisely what was to be proved. 
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In illustration, let us take the case of d = 7. Using the continued fraction ex- 
pansion JT = [2;1, 1, 1, 4], the first few convergents of /7 are determined to be 


2113) 15 3/2,.8/ 35% os 
Running through the calculations of p* — 7q?, we find that 
?-7-P=-3 8P-7-P=2 SH -7-P=-3 8-7-3 =1 


whence x = 8, y = 3 provides a positive solution of the equation x” — 7y* = 1. 

Although a rather elaborate study can be made of periodic continued fractions, 
it is not our intention to explore this area at any length. The reader may have noticed 
already that in the examples considered so far, all the continued fraction expansions 
of /d took the form 


J/d = [a9;@], @2,...,4n | 


that is, the periodic part starts after one term, this initial term being [/d]. It is also 
true that the last term a, of the period is always equal to 2aq and that the period, 
with the last term excluded, is symmetrical (the symmetrical part may or may not 
have a middle term). This is typical of the general situation. Without entering into 
the details of the proof, let us simply record the fact: if d is a positive integer that 
is not a perfect square, then the continued fraction expansion of Vd necessarily has 
the form 


Vd = [ap; a1, 42, a3, ..., 43, G2, 41, 249] 
In the case in which d = 19, for instance, the expansion is 
¥19 = [4;2, 1, 3,1, 2, 8] 
whereas d = 73 gives 
V73 = (8;1,1,5,5, 1, 1, 16] 
Among all d < 100, the longest period is that of /94, which has 16 terms: 


OF = Or 2 Bel Lode el 382 S| 
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The following is a list of the continued fraction expansions of //d, where d is a 
nonsquare integer between 2 and 40: 


2 = (02 /22 = [4;1, 2, 4, 2, 1, 8] 
WS Sle /23 = [4;1, 3,1, 8] 
J5 = [2:4] /24 = [4;1, 8] 

/6 = [2;2, 4] /26 = [5; 10] 

J/7 = [2;1,1, 1, 4] /27 = [5;5, 10] 

V8 = [2;1, 4] /28 = [5;3, 2, 3, 10] 
10 = [3;6] /29 = [5;2, 1, 1, 2, 10] 
V11 = [3;3, 6] /30 = [5;2, 10] 

V12 = [3;2, 6] af 31 = (541; 19355530, 100) 
/13 = [3;1,1, 1,1, 6] /32 = [5;1, 1, 1, 10] 

14 = [3;1, 2,1, 6] Bd = [5:15 2, 10) 

15 = [3;1, 6] /34 = [5;1,4, 1, 10] 

V17 = [4;8] V35 = [5;1, 10] 

V18 = [4;4, 8] /37 = [6; 12] 

V19 = [4;2,1,3,1,2,8] 38 = [6;6, 12] 

/20 = [4;2, 8] /39 = [6;4, 12] 


V21 = [4;1,1,2,1,1,8] 740 = [6;3, 12] 


Theorem 15.12 indicates that if the equation x? — dy” = 1 possesses a solution, 


then its positive solutions are to be found among x = px, y = qx, where px/qx 
are the convergents /d. The period of the continued fraction expansion of /d 
provides the information we need to show that x” — dy” = 1 actually does have a 
solution in integers; in fact, there are infinitely many solutions, all obtainable from 
the convergents of Jd. 

An essential result in our program is that if n is the length of the period of the 
continued fraction expansion for Jd, then the convergent Pxn—1/Qkn—1 Satisfies 


pe. dg? =") — kk = 1, 2,3, .: 


Before establishing this, we should recall that the expansion Kd = (a5? ai s@50.+.] 
was obtained by first defining 


1 


X~ — [xx] 
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fork = 0,1,2,..., and then setting a, = [x,] when k > 0. Thus, the x, are all 
irrational numbers, the a; are integers and these are related by the expression 
1 
i= —— FEN 
Xk — Ak 


Another preliminary is the following somewhat technical lemma. 


Lemma. Given the continued fraction expansion Jd = [a9; 4, a2, ...], define s; and 
t, recursively by the relations 


So = 0 to = 1 


Sk+1 = Antk — Sx tk. = —— B= Or G24. 
Then 


(a) s, and & are integers, with 4 0. 
(b) t|(d — sf). 
(c) xp = (sp + Vd)/t, for k > 0. 


Proof. We proceed by induction on k, noting that the three assertions clearly hold when 
k = 0. Assume they are true for a fixed positive integer k. Because a;, sy, and t are 
all integers, 5,41; = axt, — 5s, will likewise be an integer. Also, t,,; 4 0, for otherwise 
Z= we 1. contrary to the supposition that d is not a square. The equation 
2 2 
d—Siy1 d= 


Ss 
k 
ike = st Oy — ap ty) 
tk tk 


where t;|(d — s7) by the induction hypothesis, implies that t,4; is an integer; whereas 
hl = ad — sz 41 gives tk11|(d — ee 1). Finally, we obtain 


1 tk 
1 = —— = ———_ 
aera (s, + Vd) — thay 
Vd = sx41 
— telseg1 +Vd) Seyi + Vd 
d= S244 Tk+1 


and so (a), (b), and (c) hold in the case of k + 1, hence for all positive integers. 


We need one more collateral result before turning to the solutions of Pell’s 
equation. Here we tie the convergents of \/d to the integers of t, of the lemma. 


Theorem 15.14. If p;/q; are the convergents of the continued fraction expansion of 


a/d then 


pe —dqz =(-1)* 41 = where, >0 &=0,1,2,3,... 
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Proof. For Vd = [ao3a, a2... , ax, Xe4.1], we know that 


nee Xk41Pk + Pr-1 
Xk419k + Qk-1 


Upon substituting x44; = (Sk41 + Jd)/ t41 and simplifying, this reduces to 


Vd (se419k + thes19k—1 — Pk) = Sk41 Dk + tea Pe_1 — dqn 


Because the right-hand side is rational and Jd is irrational, this last equation requires 
that 


Sk41Qk + tk+iGk—-1 = Pk and Sx Pe + te41Pk—-1 = dgx 


The effect of multiplying the first of these relations by p; and the second by —gq,;, and 
then adding the results, is 


De — gy = thsi Peqe—1 — Pk-19%) 
But Theorem 15.3 tells us that 
PEA — peg = Cl =e 
and so 
Bie day = (1) tet 
Let us next recall from the discussion of convergents that 
Cx < Vd < Cry k>0 


Because C, = px/qx, we deduce that pe — dq? < 0 for k even and De — dq > 0 for 
k odd. Thus, the left-hand side of the equation 


2 _ dgq2 t 
PE Ik et ee 


Pi_-1 — 49¢_1 Tk 


is always negative, which makes t+1/t positive. Starting with t; = d — aj, > 0, we 
climb up the quotients to arrive at %4; > 0. 


A matter of immediate concern is determining when the integer t; = 1. We settle 
this question below. 


Corollary. If n is the length of the period of the expansion of /d, then 
t;=1 if and only if nj 


Proof. For Vd = [aj;@, a, .. +) Gn J, we have 


Xkn4+1 = X1 = 05 ew: 
Hence, 
Sins t+ Vd sit vd 
lkn+1 ty 
or 


Vd(tins1 — th) = Skn+ihi — Sitkn+1 
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The irrationality of //d implies that 
Tkn+1 = fy Skn+1 = 5] 
But then 
th =d —s} =d — Spi, = tenting = bint 


and so tj, = 1. The net result of this is that t; = 1 whenever n|j. 
Going in the other direction, let j be a positive integer for which t; = 1. Then 


xj=sjt+ Jd and, on taking integral parts, we can write 
[x;] = Sj + [Vd] = Sj + do 


The definition of x;+1 now yields 


1 
xj = [xj] + — =s; +a0+ 
: : Xj+1 ‘ Xj+l 


Putting the pieces together 


1 1 
ay + — =x9 = Vd =x; — 5; = a9 + — 


x1 Xj+ 
therefore, xj; = x. This means that the block a), a2,...,a; of j integers keeps 
repeating in the expansion of /d. Consequently, j must be a multiple of the length n 


of the period. 
_For a brief illustration, let us take the continued fraction expansion J15 = 
[3; 1, 6]. Its period is of length 2 and the first four convergents are 
3/1, 4/1, 27/7, 31/8 
A calculation shows that 
3° 15-17 =27- 15-7 =-6 
qe AS 131? 1568-1 


Hence, ty} = 3 = 6andh =%4 = 1. 
We are finally able to describe all the positive solutions of the Pell equation 
x? — dy? = 1, where d > 0 is a nonsquare integer. Our result is stated as 


Theorem 15.15. Let p;/q, be the convergents of the continued fraction expansion of 
Jd and let n be the length of the expansion. 


(a) If n is even, then all positive solutions of x* — dy” = 1 are given by 
X = Pkn-1 Y = Qkn-1 eae aa 
(b) If n is odd, then all positive solutions of x? — dy* = 1 are given by 


x= P2kn-1 y = Q2kn-1 k= 1; 2 ee 
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Proof. It has already been established in Theorem 15.12 that any solution x9, yo of 
x* — dy? = 1 is of the form xp = Pj, Yo = 9g; for some convergent p;/qj; of Jd. By 
the previous theorem, 


py = aq, (1) 4 


which implies that j + 1 is an even integer and t;,,; = 1. The corollary tells us that 
n|(j + 1), say j + 1 = nk for some k. If n is odd, then k must be even, whereas if n is 
even then any value of k suffices. 


Example 15.8. As a first application of Theorem 15.15, let us again consider the 
equation x? — 7y? = 1. Because V7 = [2;1, 1, I, 4], the initial 12 convergents are 


2/1, 3/1, 5/2, 8/3, 37/14, 45/17, 82/31, 127/48, 
590/223, 717/271, 1307/494, 2024/765 


Because the continued fraction representation of 7 has a period of length 4, the 
numerator and denominator of any of the convergents p4,—1/q4x—1 form a solution of 
x? — Ty? = 1. Thus, for instance, 


Paes “a127/49 2! =2004/765 
93 q7 ql 


give rise to the first three positive solutions; these solutions are x; = 8, y,; = 3; 
x2 = 127, yo = 48; x3 = 2024, y3 = 765. 


Example 15.9. To find the solution of x? — 13y* = 1 in the smallest positive integers, 
we note that V 13 = [3;1, 1, 1, 1, 6] and that there is a period of length 5. The first 10 
convergents of / 13 are 


3/1, 4/1, 7/2, 11/3, 18/5, 119/33, 137/38, 256/71, 393/109, 649/180 


With reference to part (b) of Theorem 15.15, the least positive solution of x* —13y? = 1 
is obtained from the convergent p9/q9 = 649/180, the solution itself being x; = 649, 
y= 180. 


There is a quick way to generate other solutions from a single solution of Pell’s 
equation. Before discussing this, let us define the fundamental solution of the equa- 
tion x? — dy* = 1 to be its smallest positive solution. That is, it is the positive 
solution x9, yo with the property that x9 < x’, yo < y’ for any other positive solu- 
tion x’, y’. Theorem 15.15 furnishes the following fact: If the length of the period 
of the continued fraction expansion of /d is n, then the fundamental solution of 
x? — dy? =1is given by x = Pn_-1, Y = Gn_-1 When n is even; and by x = poy-1, 
Y = Q2n_-1 when n is odd. Thus, the equation x7 =d y? = 1 can be solved in either 
n or 2n steps. 

Finding the fundamental solution can be a difficult task, because the numbers in 
this solution can be unexpectedly large, even for comparatively small values of d. For 
example, the innocent-looking equation x* — 991y? = 1 has the smallest positive 
solution 


x = 3795164009068 1 1930638014896080 
y = 1205573579033 1359447442538767 
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The situation is even worse with x? — 1000099y? = 1, where the smallest positive 
integer x satisfying this equation has 1118 digits. Needless to say, everything depends 
upon the continued fraction expansion of /d and, in the case of /1000099, the 
period consists of 2174 terms. 

It can also happen that the integers needed to solve x? — dy” = 1 are small fora 
given value of d and very large for the succeeding value. A striking illustration of this 
variation is provided by the equation x” — 61y” = 1, whose fundamental solution 
is given by 


x = 1766319049 y = 226153980 


These numbers are enormous when compared with the case d = 60, where the 
solution is x = 31, y = 4 or with d = 62, where the solution is x = 63, y = 8. 

With the help of the fundamental solution—which can be found by means of 
continued fractions or by successively substituting y = 1, 2,3, ... into the expres- 
sion 1 + dy? until it becomes a perfect square—we are able to construct all the 
remaining positive solutions. 


Theorem 15.16. Let x), y; be the fundamental solution of x* — dy* = 1. Then every 
pair of integers x,, y, defined by the condition 


Xn + ynVd = (x1 + Vd)" {a oe a 


is also a positive solution. 


Proof. It is a modest exercise for the reader to check that 
Xn — ynvd = (x; — yd)" 


Further, because x; and y; are positive, x, and y, are both positive integers. Bearing 
in mind that x), y; is a solution of x? — dy” = 1, we obtain 


ae = dy, = On + ynVd)\(xn = Yaw) 
= (x1 + yd)" — yd)" 
=i =a =" =4 


and therefore x,, y, is a solution. 
Let us pause for a moment to look at an example. By inspection, it is seen that 


x1 = 6, y; = 1 forms the fundamental solution of x? — 35y* = 1. Asecond positive 
solution x2, y2 can be obtained from the formula 


x2 + yoV35 = (64 V35)" = 71 + 1235 


which implies that x2 =71, y2=12. These integers satisfy the equation 
x* — 35y” = 1, because 


71* — 35-127 = 5041 — 5040 = 1 
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A third positive solution arises from 


x3 + y3V35 = (6+ 35) 
= (71 + 12\/35)(6 + 35) = 846 + 143/35 
This gives x3 = 846, y3 = 143, and in fact, 
846* — 35 - 143? = 715716 — 715715 = 1 


so that these values provide another solution. 
Returning to the equation x” — dy* = 1, our final theorem tells us that any 
positive solution can be calculated from the formula 


Xn + yavd = (x1 + yivd”" 


where n takes on integral values; that is, if u, v is a positive solution of yd ye = 
then u = X,,V = y, for a suitably chosen integer n. We state this as Theorem 15.17. 


Theorem 15.17. If x;, y; is the fundamental solution of x? — dy* = 1, then every 
positive solution of the equation is given by x,, yn, where x, and y, are the integers 
determined from 


Xntynvd=(1+yiVdy""  n=1,2,3,... 
Proof. In anticipation of a contradiction, let us suppose that there exists a positive 
solution u, v that is not obtainable by the formula (x; + y,/d)". Because x; +y;/d>1, 


the powers of x; + yd become arbitrarily large; this means that u + v/d must lie 
between two consecutive powers of x; + yd , Say, 


(x1 + yd)" <utvvd < (x; + y,Vd)""? 
or, to phrase it in different terms, 
Xn t+ ynvd <utvvd < (Gn + yrV d(x + yiVd) 


On multiplying this inequality by the positive number x, — y,/d and noting that 
x? — dy” = 1, we are led to 


1 < (x, - yaw du +vVd) <x, + yivd 
Next define the integers r and s by r + sJd = (Xn — Yn JVdy(u + v/d); that is, let 
r =X,u — ynvd S = XpnV — yn 
An easy calculation reveals that 
r* —ds* = (x2 — dy2)(w? — dv’) =1 
and therefore r, s is a solution of x? — dy* = 1 satisfying 
L<rtsVd <x + yivd 


Completion of the proof requires us to show that the pair, s is a positive solution. 
Because 1 < r + sJd and (r + sVd)(r — sd) = 1, we find that 0 < r—sJd <1. 
In consequence, 

dr =(rt+sVd)+(r—sVd)>1+0>0 
wJ/d =(r+sV/d)—(r —sVd)>1—-1=0 
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which makes both r and s positive. The upshot is that because x;, y; is the fundamental 
solution of x? — dy” = 1, we must have x; <r and y; < s; but then x; + yivd < 
r + s\d, violating an earlier inequality. This contradiction ends our argument. 


Pell’s equation has attracted mathematicians throughout the ages. There is his- 
torical evidence that methods for solving the equation were known to the Greeks 
some 400 years before the beginning of the Christian era. A famous problem of 
indeterminate analysis known as the “cattle problem” is contained in an epigram 
sent by Archimedes to Eratosthenes as a challenge to Alexandrian scholars. In it, 
one is required to find the number of bulls and cows of each of four colors, the eight 
unknown quantities being connected by nine conditions. These conditions ultimately 
involve the solution of the Pell equation 


x? — 4729494y* = 1 


which leads to enormous numbers; one of the eight unknown quantities is a figure 
having 206,545 digits (assuming that 15 printed digits take up one inch of space, the 
number would be over 1/5 of a mile long). Although it is generally agreed that the 
problem originated with the celebrated mathematician of Syracuse, no one contends 
that Archimedes actually carried through all the necessary computations. 

Such equations and dogmatic rules, without any proof for calculating their so- 
lutions, spread to India more than a thousand years before they appeared in Europe. 
In the 7th century, Brahmagupta said that a person who can within a year solve 
the equation x” — 92y” = 1 is a mathematician; for those days, he would at least 
have to be a good arithmetician, because x = 151, y = 120 is the smallest positive 
solution. A computationally more difficult task would be to find integers satisfy- 
ing x* — 94y* = 1, for here the fundamental solution is given by x = 2143295, 
y = 221064. 

Fermat, therefore, was not the first to propose solving the equation x* — dy? = 1 
or even to devise a general method of solution. He was perhaps the first to assert 
that the equation has an infinitude of solutions whatever the value of the nonsquare 
integer d. Moreover, his effort to elicit purely integral solutions to both this and 
other problems was a watershed in number theory, breaking away as it did from the 
classical tradition of Diophantus’s Arithmetica. 


PROBLEMS 15.5 


1. If xo, yo is a positive solution of the equation x” — dy? = 1, prove that x9 > yo. 
2. By the technique of successively substituting y = 1, 2,3, ... into dy? + 1, determine the 
smallest positive solution of x? — dy? = 1 when d is 
(a) 7. 
(b) 11. 
(c) 18. 
(d) 30. 
(e).39. 


10. 


11. 


12. 


13. 
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. Find all positive solutions of the following equations for which y < 250: 


(a) x? —2y? = 1. 
(b) x? —3y? = 1. 
(c) x2 —5y? = 1. 


. Show that there is an infinitude of even integers n with the property that both n + 1 and 


n/2-+ 1 are perfect squares. Exhibit two such integers. 


. Indicate two positive solutions of each of the equations below: 


(a) x? — 23y? = 1. 
(b) x* — 26y” = 1. 
(c) x2 — 33y? = 1. 


. Find the fundamental solutions of these equations: 


(a) x7 — 29y? = 1. 
(b) x Aly’ = 1. 
(c) x? —74y? = 1. 
[Hint: 41 = [6;2, 2, 12] and /74 = [8;1, 1, 1, 1, 16].] 


. Exhibit a solution of each of the following equations: 


(a) x? — 13y? = -1. 
(b) x? — 29y? = —-1. 
(c) x? —41ly? = -1. 


. Establish that if xo, yo is a solution of the equation x? — dy? = —1, then x = 2dyé — 1, 


y = 2xoyo satisfies x* — dy? = 1. Brouncker used this fact in solving x? — 313y? = 1. 


. If d is divisible by a prime p = 3 (mod 4), show that the equation x” — dy* = —1 has 


no solution. 
If x1, y; is the fundamental solution of x? — dy* = 1 and 


Xn + yaVd = (41 + yd)" Wa 1s2, 3. one 


prove that the pair of integers x,, y, can be calculated from the formulas 


1 
Xn = ali + yiVd)" + (1 — y:Vd)"] 


Yn = Slen + a" - (x1 — y:Vd)"] 


Verify that the integers x,, y, in the previous problem can be defined inductively either 
by 

Xn4+1 = X1Xn ate dy1Yn 

Ynt+1 = X1Yn + Xn 


forn = 1,2,3,..., or by 
Xnt1 = 2X1Xn — Xn-1 
Yn+1 = 2X1Yn — Yn-1 
forn = 2,3,.... 
Using the information that x; = 15, y; = 2 is the fundamental solution of x? — 56y* = 1, 
determine two more positive solutions. 
(a) Prove that whenever the equation x* — dy” = c is solvable, it has infinitely many 


solutions. 
[Hint: If u, v satisfy x* — dy? = c andr, s satisfy x* — dy” = 1, then 


(ur + dvsyY —d(us tyr) = (Ww? — dv?\(r* — ds”) = c.] 
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14. 


15. 


16. 


(b) Given that x = 16, y = 6 is a solution of x” — 7y* = 4, obtain two other positive 
solutions. 


(c) Given that x = 18, y = 3 is a solution of x* — 35y* = 9, obtain two other positive 
solutions. 

Apply the theory of this section to confirm that there exist infinitely many primitive 

Pythagorean triples x, y, z in which x and y are consecutive integers. 

[Hint: Note the identity (s? — t7) — 2st = (s — t)* — 22?.] 

The Pell numbers p,, and q, are defined by 


Po=O Pr=lL pr=2Pn-1+ Pn-2 n2e2 
go = 1 qg=1 Qn = 2Gn-1 + Gn-2 n>2 
This gives us the two sequences 
0, 1, 2,5, 12, 29, 70, 169, 408, ... 
11,37 717, 41, 997. 239; S77 


Ifa = 14+ 2 and p=1- ./2, show that the Pell numbers can be expressed as 
a” — p” a" + Bp” 
D = in —} 


forn > 0. 

[Hint: Mimic the argument on page 296, noting that @ and £ are roots of the equation 
x7 —2x-1=0] 

For the Pell numbers, derive the relations below, where n > 1: 

(a) Pon = 2PnQn- 

(b) Pn ote Pn-1 = Qn- 

(c) 29? — gan = (-1)". 

(d) Pa + Pati + Pn+3 = 3Pn42- 

(e) q2 — 2p? = (—1)"; hence, gn/p, are the convergents of 2. 


CHAPTER 
SOME MODERN DEVELOPMENTS 


As with everything else, so with a mathematical theory: beauty can be 
perceived, but not explained. 
ARTHUR CAYLEY 


16.1 HARDY, DICKSON, AND ERDOS 


The vitality of any field of mathematics is maintained only as long as its practitioners 
continue to ask (and to find answers to) interesting and worthwhile questions. Thus 
far, our study of number theory has shown how that process has worked from its 
classical beginnings to the present day. The reader has acquired a working knowledge 
of how number theory is developed and has seen that the field is still very much alive 
and growing. This brief closing chapter indicates several of the more promising 
directions that growth has taken in the 20th century. 

We begin by looking at some contributions of three prominent number the- 
orists from the past century, each from a different country: Godfrey H. Hardy, 
Leonard E. Dickson, and Paul Erdos. In considerably advancing our mathemati- 
cal knowledge, they are worthy successors to the great masters of the past. 

For more than a quarter of a century, G. H. Hardy (1877-1947) dominated En- 
glish mathematics through both the significance of his work and the force of his 
personality. Hardy entered Cambridge University in 1896 and joined its faculty in 
1906 as a lecturer in mathematics, a position he continued to hold until 1919. Per- 
haps his greatest service to mathematics in this early period was his well-known 
book A Course in Pure Mathematics. England had had a great tradition in applied 
mathematics, starting with Newton, but in 1900, pure mathematics was at a low 
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Godfrey Harold Hardy 
(1877-1947) 


(Trinity College Library, Cambridge) 


ebb there. A Course in Pure Mathematics was designed to give the undergraduate 
student a rigorous exposition of the basic ideas of analysis. Running through nu- 
merous editions and translated into several languages, it transformed the trend of 
university teaching in mathematics. 

Hardy’s antiwar stand excited strong negative feelings at Cambridge, and in 
1919, he was only too ready to accept the Savilian chair in geometry at Oxford. He 
was succeeded on the Cambridge staff by John E. Littlewood. Eleven years later, 
Hardy returned to Cambridge, where he remained until his retirement in 1942. 

Hardy’s name is inevitably linked with that of Littlewood, with whom he carried 
on the most prolonged (35 years), extensive, and fruitful partnership in the history of 
mathematics. They wrote nearly 100 papers together, the last appearing a year after 
Hardy’s death. It was often joked that there were only three great English mathemati- 
cians in those days: Hardy, Littlewood, and Hardy-Littlewood. (One mathematician, 
upon meeting Littlewood for the first time, exclaimed, “I thought that you were 
merely a name used by Hardy for those papers which he did not think were quite 
good enough to publish under his own name.”) 

There are very few areas of number theory to which Hardy did not make a 
significant contribution. A major interest of his was Waring’s problem; that is, the 
question of representing an arbitrary positive integer as the sum of at most g(k) 
kth powers (see Section 13.3). The general theorem that g(k) is finite for all k was 
first proved by Hilbert in 1909 using an argument that shed no light on how many 
kth powers are needed. In a series of papers published during the 1920s, Hardy 
and Littlewood obtained upper bounds on G(k), defined to be the least number 
of kth powers required to represent all sufficiently large integers. They showed 
(1921) that G(k) < (k — 2)2*"! + 5 for all k, and, more particularly, that G(4) < 19, 
G(5) < 41, G(6) < 87, and G(7) < 193. Another of their results (1925) is that for 
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“almost all” positive integers g(4) < 15, whereas g(k) < (1/2k — 1)2‘-! + 3 when 
k =3o0rk > 5. Because 79 = 4-24+15-14 requires 19 fourth powers, g(4) > 19; 
this, together with the bound G(4) < 19 suggested that g(4) = 19 and raised the 
possibility that its actual value could be settled by computation. 

Another topic that drew the attention of the two collaborators was the classical 
three-primes problem: Can every odd integer n > 7 be written as the sum of three 
prime numbers? In 1922, Hardy and Littlewood proved that if certain hypotheses are 
made, then there exists a positive number N such that every odd integern > N isa 
sum of three primes. They also found an approximate formula for the number of such 
representations of n. I. M. Vinogradov later obtained the Hardy-Littlewood conclu- 
sion without invoking their hypotheses. All the Hardy-Littlewood papers stimulated 
a vast amount of further research by many mathematicians. 

L. E. Dickson (1874-1954) was prominent among a small circle of those who 
greatly influenced the rapid development of American mathematics at the turn of 
the century. He received the first doctorate in mathematics from the newly founded 
University of Chicago in 1896, became an assistant professor there in 1900, and 
remained at Chicago until his retirement in 1939. 

Reflecting the abstract interests of his thesis advisor, the distinguished E. H. 
Moore, Dickson initially pursued the study of finite groups. By 1906, Dickson’s 
prodigious output had already reached 126 papers. He would jokingly remark that, 
although his honeymoon was a success, he managed to get only two research arti- 
cles written then. His monumental History of the Theory of Numbers (1919), which 
appeared in three volumes totaling more than 1600 pages, took 9 years to complete; 
by itself this would have been a life’s work for an ordinary man. One of the century’s 
most prolific mathematicians, Dickson wrote 267 papers and 18 books covering a 
broad range of topics in his field. An enduring bit of legend is his barb against appli- 
cable mathematics: “Thank God that number theory is unsullied by applications.” 
(Expressing much the same view, Hardy is reported to have made the toast: “Here’s to 
pure mathematics! May it never have any use.’”) In recognition of his work, Dickson 
was the first recipient of the F. N. Cole Prize in algebra and number theory, awarded 
in 1928 by the American Mathematical Society. 

Dickson stated that he always wished to work in number theory, and that he wrote 
the History of the Theory of Numbers so he could know all that had been done on the 
subject. He was particularly interested in the existence of perfect numbers, abundant 
and deficient numbers, and Waring’s problem. A typical result of his investigations 
was to list (in 1914) all the odd abundant numbers less than 15,000. 

In a long series of papers beginning in 1927, Dickson gave an almost complete 
solution of the original form of Waring’s problem. His final result Gn 1936) was 
that, for nearly all k, g(k) assumes the ideal value g(k) = 2* + [(3/2)*] — 2, as was 
conjectured by Euler in 1772. Dickson obtained a simple arithmetic condition on k 
for ensuring that the foregoing formula for g(k) held, and showed that the condition 
was Satisfied for k between 7 and 400. With the dramatic increase in computer 
power, it is now known that Euler’s conjecture for g(k) holds when k is between 2 
and 471600000. 

Paul Erdos (1913-1996), who is often described as one of the greatest modern 
mathematicians, is unique in mathematical folklore. The son of two high school 
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teachers of mathematics, his genius became apparent at a very early age. Erdos 
entered the University of Budapest when he was 17 and graduated 4 years later with 
a Ph.D. in mathematics. As a first year student in college, he published his first paper, 
which was a simple proof of Bertrand’s conjecture that for any n > 1 there is always 
a prime between n and 2n. 

After a 4-year fellowship at Manchester University, England, Erdos adopted the 
lifestyle of a wandering scholar, a “Professor of the Universe.” He traveled the world 
constantly, often visiting as many as 15 universities and research centers in a month. 
(Where Gauss’s motto was “Few, but ripe,” Erdos took as his the words “Another 
roof, another proof.”) Although Erdos never held a regular academic appointment, he 
had standing offers at several institutions where he could pause for short periods. In 
his total dedication to mathematical research, Erdos dispensed with the pleasures and 
possessions of daily life. He had neither property nor fixed address, carried no money 
and never cooked anything, not even boiled water for tea; a few close friends handled 
his financial affairs, including filing his income tax returns. A generous person, Erdos 
was apt to give away the small honoraria he picked up from his lectures, or used them 
to fund two scholarships that he set up for young mathematicians—one in Hungary 
and one in Israel. 

Erdos’s work in number theory was always substantial and frequently monu- 
mental. One feat was his demonstration (1938) that the sum of the reciprocals of 
the prime numbers is a divergent series. In 1949, he and Atle Selberg independently 
published “elementary”—though not easy—proofs of what is called the Prime Num- 
ber Theorem. (It asserts that (x) © x/log x, where 2(x) is the number of primes 
p <x.) This veritable sensation among number theorists helped earn Selberg a Fields 
Medal (1950) and Erdos a Cole Prize (1952). Erdos received the prestigious Wolf 
Prize in 1983 for outstanding achievement in mathematics; of the $50,000 award, 
he retained only $750 for himself. 

Erdos published, either alone or jointly, more than 1200 papers. With over 300 
coauthors, he collaborated with more people than any other mathematician. As a spur 
to his collaborators, Erdos attached monetary rewards to problems that he had been 
unable to solve. The rewards generally ranged from $10 to $10,000, depending on his 
assessment of the difficulty of the problem. The inducement to obtain a solution was 
not as much financial as prestigious, for there was a certain notoriety associated with 
owning a check bearing Erdos’s name. The following reflect the range of questions 
that he would have liked to have seen answered: 


1. Does there exist an odd integer that is not of the form 2* + n, with n square-free? 

2. Are there infinitely many primes p (such as p = 101) for which p — k! is com- 
posite whenever 1 < k! < p? 

3. Is it true that, for all k > 8, 2“ cannot be written as the sum of distinct powers of 
3? [Note that 28 = 3° + 3? +3411] 

4. If p(n) is the largest prime factor of n, does the inequality p(n) > p(n + 1) > 
p(n + 2) have an infinite number of solutions? 

5. Given an infinite sequence of integers, the sum of whose reciprocals diverges, does 
the sequence contain arbitrarily long arithmetic progressions? ($3,000 offered for 
an answer) 
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Through a host of problems and conjectures such as these, Paul Erdos stimulated 
two generations of number theorists. 

A word about a current trend: computation has always been an important inves- 
tigative tool in number theory. Therefore, it is not surprising that number theorists 
were among the first mathematicians to exploit the research potential of modern 
electronic computers. The general availability of computing machinery has given 
rise to a new branch of our discipline, called Computational Number Theory. Among 
its wide spectrum of activities, this subject is concerned with testing the primality of 
given integers, finding lower bounds for odd perfect numbers, discovering new pairs 
of twin primes and amicable numbers, and obtaining numerical solutions to cer- 
tain Diophantine equations (such as x” + 999 = y°). Another fruitful line of work 
is to verify special cases of conjectures, or to produce counterexamples to them; 
for instance, in regard to the conjecture that there exist pseudoprimes of the form 
2” — 2, a computer search found the pseudoprime 2*©°’"4 — 2. The problem of fac- 
toring large composite numbers has been of continuing computational interest. The 
most dramatic result of this kind was the recent determination of a prime factor 
of the twenty-eighth Fermat number F23, an integer having over 8 million decimal 
digits. Previously, it had been known only that F2g is composite. The extensive cal- 
culations produced the 22-digit factor 25709319373 - 27° + 1. No doubt number- 
theoretic records will continue to fall with the development of new algorithms and 
equipment. 

Number theory has many examples of conjectures that are plausible, are sup- 
ported by seemingly overwhelming numerical evidence, and yet turn out to be false. 
In these instances, a direct computer search of many cases can be of assistance. 
One promising conjecture of long standing was due to George Polya (1888-1985). 
In 1914, he surmised that for any n > 2, the number of positive integers up to n 
having an odd number of prime divisors is never smaller than the number having 
an even number of prime divisors. Let A be the Liouville function, defined by the 
equation A(n) = (—1)%”, where the symbol Q(n) represents the total number of 
prime factors of n > 2 counted according to their multiplicity (A(1) = 1). With this 
notation, the Pélya conjecture may be written as a claim that the function 


Lin) = Dx) 
is never positive for any n > 2. Pélya’s own calculations confirmed this up ton = 
1500, and the conjecture was generally believed true for the next 40 years. In 1958, 
C. B. Haselgrove proved the conjecture false by showing that infinitely many integers 
n exist for which L(n) > 0. However, his method failed to furnish any specific n 
for which the conjecture is violated. Shortly thereafter (1960), R. S. Lehman called 
attention to the fact that 


L(9906180359) = 1 


The least value of n satisfying L(n) > O was discovered in 1980; it is 906150257. 
Another question that could not have been settled without the aid of computers is 
whether the string of digits 123456789 occurs somewhere in the decimal expansion 
for z. In 1991, when the value of 2 extended beyond one billion decimal digits, it 
was reported that the desired block appeared shortly after the half-billionth digit. 
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16.2 PRIMALITY TESTING AND FACTORIZATION 


In recent years, primality testing has become one of the most active areas of inves- 
tigation in number theory. The dramatic improvements in power and sophistication 
of computing equipment have rekindled interest in large-scale calculations, leading 
to the development of new algorithms for quickly recognizing primes and factoring 
composite integers; some of these procedures require so much computation that their 
implementation would have been infeasible a generation ago. Such algorithms are 
of importance to those in industry or government concerned with safeguarding the 
transmission of data; for various present-day cryptosystems are based on the inherent 
difficulty of factoring numbers with several hundred digits. This section describes a 
few of the more recent innovations in integer factorization and primality testing. The 
two computational problems really belong together, because to obtain a complete 
factorization of an integer into a product of primes we must be able to guarantee— 
or provide certainty beyond a reasonable doubt—that the factors involved in the 
representation are indeed primes. 

The problem of distinguishing prime numbers from composite numbers has 
occupied mathematicians through the centuries. In his Disquisitiones Arithmeticae, 
Gauss acclaimed it as “the most important and useful in arithmetic.” Given an integer 
n > 1, just how does one go about testing it for primality? The oldest and most direct 
method is trial division: check each integer from 2 up to ,/n to see whether any is 
a factor of n. If one is found, then n is composite; if not, then we can be sure that 
n is prime. The main disadvantage to this approach is that, even with a computer 
capable of performing a million trial divisions every second, it may be so hopelessly 
time-consuming as to be impractical. It is not enough simply to have an algorithm 
for determining the prime or composite character of a reasonably large integer; what 
we really need is an efficient algorithm. 

The long-sought rapid test for determining whether a positive integer is prime 
was devised in 2002 by three Indian computer scientists (M. Agrawal, N. Kayal, 
and N. Saxena). Their surprisingly simple algorithm provides a definite answer in 
“polynomial time,” that is, in about d° steps where d is the number of binary digits 
of the given integer. 

In 1974, John Pollard proposed a method that is remarkably successful in finding 
moderate-sized factors (up to about 20 digits) of formerly intractable numbers. Con- 
sider a large odd integer n that is known to be composite. The first step in Pollard’s 
factorization method is to choose a fairly simple polynomial of degree at least 2 with 
integer coefficients, such as a quadratic polynomial 


f(x)=x*+a a¥0,-2 


Then, starting with some initial value xo, a “random” sequence x1, x2, x3,... iS 
created from the recursive relation 


Xx~41 = f (xx) (mod n) | ea) Pe ea 


that is, the successive iterates x; = f(x9), x2 = f(f(o)), x3 = f(f(f(%0))), ... are 
computed modulo n. 
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Let d be a nontrivial divisor of n, where d is small compared with n. Because 
there are relatively few congruence classes modulo d (namely, d of them), there will 
probably exist integers x; and x; that lie in the same congruence class modulo d 
but belong to different classes modulo n; in short, we will have x, = x; (mod d), 
and x, # x; (mod n). Because d divides x, — x; and n does not, it follows that 
gcd(x,; — x;, nm) 1S a nontrivial divisor of n. In practice, a divisor d of n is not known 
in advance. But it can most likely be detected by keeping track of the integers x;, 
which we do know. Simply compare x; with earlier x;, calculating gcd(x,; — x;,n) 
until a nontrivial greatest common divisor occurs. The divisor obtained in this way 
is not necessarily the smallest factor of n, and indeed it may not even be prime. The 
possibility exists that when a greatest common divisor greater than 1 is found, it may 
turn out to be equal to n itself; that is, x, = xj; (mod 7). Although this happens only 
rarely, one remedy is to repeat the computation with either a new value of xo ora 
different polynomial f(x). 

A rather simple example is afforded by the integer n = 2189. If we choose 
xo = land f(x) = x* + 1, the recursive sequence will be 


Kita 2, ORS, ERS O, i SOT, 320 ee 
Comparing different x;,, we find that 
gcd(xs5 — x3, 2189) = gcd(803, 2189) = 11 


and so a divisor of 2189 is 11. 

As k increases, the task of computing gcd(x;, — x;,n) for each j < k becomes 
very time-consuming. We shall see that it is often more efficient to reduce the number 
of steps by looking at cases in which k = 27. Let d be some (as yet undiscovered) 
nontrivial divisor of n. If x, = x; (mod d), with j < k, then by the manner in which 
f(x) was selected 


xj41 = f(xy) = fx) = Xe41 (mod d) 


It follows from this that, when the sequence {x;} is reduced modulo d, a block of 
k — j integers is repeated infinitely often. That is, if7 = s (modk — j), wherer > j 
and s > j, then x, = x, (mod d); and, in particular, x2, = x, (mod d) whenever t is 
taken to be a multiple of k — j larger than j. It is reasonable therefore to expect that 
there will exist an integer k for which 1 < gcd(x2, — x%, n) < n. The drawback in 
computing only one greatest common divisor for each value of k is that we may not 
detect the first time that gcd(x; — x;, 7) is a nontrivial divisor of n. 
A specific example will make matters come to life. 


Example 16.1. To factor n = 30623 using this variant of Pollard’s method, let us take 
Xo = 3 as the starting value and f(x) = x* — 1 as the polynomial. The sequence of 
integers that x, generates is 


8, 63, 3968, 4801, 21104, 28526, 18319, 18926, ... 
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Making the comparison x2; with x;,, we get 
x2 —x,; = 63-—8=55 gcd(55,n) = 1 
x4 — X2 = 4801 — 63 = 4738 gcd(4738, n) = 1 
xX6 — X3 = 28526 — 3968 = 24558 gcd(24558, n) = 1 
xg — X4 = 18926 — 4801 = 14125 gcd(14125, n) = 113 
The desired factorization is 30623 = 113 - 271. 
When the x; are reduced modulo 113, the new sequence 


8, 63, 13, 55, 86, 50, 13,55, ... 


is obtained. This sequence is ultimately periodic with the four integers 13, 55, 86, 50 
being repeated. It is also worth observing that because xg = x4 (mod 113), the length 
of the period is 8 — 4 = 4. The situation can be represented pictorially as 


X4 = Xg =S5 X5 =Xq = 86 
X3 =x, =13 
X6 = X19 =50 
X7 = 63 
x,=8 
X9 =3 


Because the figure resembles the Greek letter o (rho), this factoring method is 
popularly known as Pollard’s rho-method. Pollard himself had called it the Monte 
Carlo method, in view of its random nature. 


A notable triumph of the rho-method is the factorization of the Fermat number 
Fg by Brent and Pollard in 1980. Previously Fg had been known to be composite, but 
its factors were undetermined. Using f(x) = x2" + 1 and xo = 3 in the algorithm, 
Brent and Pollard were able to find the prime factor 1238926361552897 of Fg in 
only 2 hours of computer time. Although they were unable to verify that the other 
62-digit factor was prime, H. C. Williams managed the feat shortly thereafter. 

Fermat’s theorem lies behind a second factorization scheme developed by 
John Pollard in 1974, known as the p — 1 method. Suppose that the odd composite 
integer n to be factored has an unknown prime divisor p with the property that 
p —1 is a product of relatively small primes. Let gq be any integer such that 
(p — 1)|q. For instance, g could be either k! or the least common multiple of the 
first k positive integers, where k is taken sufficiently large. Next choose an integer 
a, with 1 <a < p —1, and calculate a? = m (mod n). Because g = (p — 1)j for 
some j, the Fermat congruence leads to 


m =a!‘ =(a?')! = 1/ = 1 (mod p) 


implying that p|(m — 1). This forces gcd(m — 1,n) > 1, which gives rise to a 
nontrivial divisor of n as long as m ¥ 1 (mod n). 


SOME MODERN DEVELOPMENTS 361 


It is important to note that gcd(m — 1, n) can be calculated without knowing p. 
If it happens that gcd(m — 1, n) = 1, then one should go back and select a different 
value of a. The method might also fail if g is not taken to be large enough; that is, 
if p — 1 contains a large prime factor or a small prime occurring to a large power. 


Example 16.2. Let us obtain a nontrivial divisor of n = 2987 by taking a = 2 and 
g = 7! in Pollard’s p — 1 method. To find 27! (mod 2987), we compute 


(((((2’)°)")P)°)’ (mod 2987) 
the sequence of calculations being 
2? = 4 (mod 2987) 
43 = 64 (mod 2987) 
64* = 2224 (mod 2987) 
2224° = 1039 (mod 2987) 
1039° = 2227 (mod 2987) 
2227’ = 755 (mod 2987) 
Because gcd(754, 2987) = 29, we have discovered that 29 is a divisor of 2987. 


The continued fraction factoring algorithm also played a prominent role during 
the mid-1970s. This iterative procedure was contained in Legendre’s Théorie des 
Nombres of 1798, but over the ensuing years fell into disuse owing to the drudgery of 
its complicated calculations. With the advent of electronic computers, there was no 
longer a practical reason for ignoring the method as the inhibiting computations could 
now be done quickly and accurately. Its first impressive success was the factorization 
of the 39-digit Fermat number F7, performed by Morrison and Brillhart in 1970 and 
published in 1975. 

Before considering this method, let us recall the notation of continued fractions. 
For a nonsquare positive integer n, the continued fraction expansion of ./n is 


Vn = [a3 41, a2, 43, ...] 


where the integers a; are defined recursively by 


aj=[xo], x=JSn 


A+. = [res], Xke1 = for k > 0 
Xk — Ak 
The kth convergent C; of ./n is 
Cy = [a3 41, 2, .-., Ax] = pe/ ak 


The p, and q;, can be calculated from the relations 
p2=9¢1=0, pi=q.2=1 
and 
Pk = 4k Pe-1 + Pk-2 
Gk = A9r-1 + Qe-2_ fork > 0 
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Now the values do, a1, a2, ... are used to define integers s;, and t, as follows: 
So = 0, to = 1 
Sk41 = Ah — Sk, kp = (n > Sis1)/te fork >= 0 
The equation that we require appears in Theorem 15.12; namely, 
Py. — ngk_1 = (-D*te (k= 1) 
or, expressed as congruence modulo n, 
pes = (—1)*t, (mod n) 


The success of this factorization method depends on % being a perfect square for 
some even integer k, say t, = y”. This would give us 


D4 = y’ (mod n) 


and a chance at a factorization of n. If py_1 # +y (mod n), then gcd(pz_; + y, n) 
and gcd(p,_—1 — y, n) are nontrivial divisors of n; for n would divide the product of 
Pxr-1 + y and px_-; — y without dividing the factors. In the event that p,_; = +y 
(mod n), we locate another square ¢, and try again. 


Example 16.3. Let us factor 3427 using the continued fraction factorization method. 
Now ¥ 3427 has the continued fraction expansion 


e042 /-= [9821,1, 5, 1,1, 1; 16).42, 2 .] 


The results of calculating s;, t,, and p, are listed in tabular forms with some values of 


Px reduced modulo 3427: 
k 0 1 2 3 4 5 6 7 8 
ak 58 1 1 5 1 1 1 16 12 
Sk 0 45 23 22 13 41 43 17 42 
tk 1 63 54 19 69 42 73 7 9 
Pe «58 59 117 644 761 1405 2166 1791 3096 


The first %, with an even subscript, that is a square, is tg. Thus, we consider the 
congruence 


p> = (—1)8tg (mod 3427) 
which is to say the congruence 
1791? = 3° (mod 3427) 
Here, it is determined that 
gcd(1791 + 3, 3427) = gced(1794, 3427) = 23 
gcd(1791 — 3, 3427) = gcd(1788, 3427) = 149 
and so both 23 and 149 are factors of 3247. Indeed, 3427 = 23 - 149. 
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A square f2; does not necessarily lead to a nontrivial divisor of n. Taken = 1121, 
for example. From 1121 = [33;2, 12, 1, 8, 1, 1, ...], we obtain the table of values 


k 0 1 2 3 4 5 6 


ak 33 2 12 1 8 1 1 


Sk 0 33 31 29 27 29 11 
tk 1 32 5 56 7 40 25 


Dk 33 67 837 904 8069 8973 17042 


Now f6 is a square. The associated congruence ps5; = (—1)°ts (mod 1121) 
becomes 


8973? = 5° (mod 1121) 
But the method fails at this point to detect a nontrivial factor of 1121, for 
gcd(8973 + 5, 1121) = gced(8978, 1121) = 1 
gcd(8973 — 5, 1121) = gced(8968, 1121) = 1121 


When the factoring algorithm has not produced a square ft, after having gone 
through many values of k, there are ways to modify the procedure. One variation 
is to find a set of t,’s whose product, with appropriate sign, is a square. Our next 
example illustrates this technique. 


Example 16.4. Consider the integer n = 2059. The table concerning the continued 
fraction expansion of / 2059 is 


k 0 1 2 3 4 5 6 7 8 


ak 45 2 1 1 1 12 2 1 17 


Sk 0 45 23 22 13 41 43 17 42 
tk 1 34 45 35 54 7 30 59 5 


Dk 45 91 136 227 363 465 1293 1758 294 


In search of promising fj, we notice that t2tg = 45 - 5 = (3 - 5)*. The two associated 
congruences are 


py = (—1)*t2 (mod 2059), p3 = (—1)*tg (mod 2059) 

expressed otherwise, 

917 = 45 (mod 2059), 1758* = 5 (mod 2059) 
Multiplying these together yields 

(91 - 1758)* = 15” (mod 2059) 

or, reduced modulo 2059, 1435? = 15% (mod 2059). This leads to 

gcd(1435 + 15, 2059) = ged(1450, 2059) = 29 
and a divisor 29 of 2059. The complete factorization is 2059 = 29-71. 
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Another modification of the algorithm is to factor n by looking at the conti- 
nued fraction expansion of ,/mn, where m is often a prime or the product of the 
first few primes. This amounts to searching for integers x and y where x? = y? 
(mod mn) and then calculating gcd(x + y, mn) in the hope of producing a nontrivial 
divisor of n. 

As an example, let n = 713. Let us look at the integer 4278 = 6-713 with 
expansion /4278 = [65;2,2,5,1,...]. A square f., arises almost immediately 
in the computations, since t2 = 49. Thus, we examine the congruence pr = 
(—1)*t2 (mod 4278), which is to say 


131° = (-1)’7* (mod 4278) 
It is seen that 
gcd(131 + 7, 4278) = gcd(138, 4278) = gcd(6 - 23, 6-713) = 23 


which gives 23 as a factor of 713. Indeed, 713 = 23 - 31. 

This approach is essentially the one taken by Morrison and Brillhart in their 
landmark factorization of F7. From the first 1300000 of the #,’s occurring in the 
expansion of ./257 F7, some 2059 of them were completely factored in order to find 
a product that is a square. 

Toward the end of the 20th century, the quadratic sieve algorithm was the method 
of choice for factoring very large composite numbers—including the 129-digit RSA 
Challenge Number. It systematized the factor scheme published by Kraitchik in 
1926 (page 100). This earlier method was based on the observation that a composite 
number n can be factored whenever integers x and y satisfying 


r= y? (mod n) x £+y (mod n) 


can be found; for then gcd(x — y, n) and gcd(x + y, n) are nontrivial divisors of n. 
Kraitchik produced the pair x and y by searching for a set of congruences 


x? = y; (mod n) ee RCS a 
where the product of the y; is a perfect square. It would follow that 
(x1x2--+x,)? = y1yo-+-y, = c* (modn) 


giving a solution of the desired equation x* = y* (mod n) and, quite possibly, a 
factor of n. The drawback to this technique is that the determination of a promising 
set of y; is a trial and error process. 

In 1970, John Brillhart and Michael Morrison developed an efficient strategy for 
identifying congruences ae = y; (mod n) whose product yields a square. The first 
step is the selection of a factor base {—1, pi, p2,..., p,} consisting of py = 2 and 
small odd primes p; such that n is a quadratic residue of each p;; that is, the value of 
the Legendre symbol (n/p; ) = 1. Usually, the factor base consists of all such primes 
up to some fixed bound. Next the quadratic polynomial 


f@)=x*-n 


is evaluated for integral x “near” [./n], the largest integer less than ./n. More 
explicitly, take x = [,/n], +1 + [/n], +2 +[/n], .... The factor base is tailored 
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to n so that each prime in it divides at least one value of f(x), with —1 included so 
as to allow negative values of f(x). 

We are interested only in those f(x) that factor completely within the primes of 
the factor base, all other values being excluded. 

If 


f(x) = (-1) pi p? «+ p& kyo = Oor 1 k; > 0 (0) ae — al (eee ona 


then the factorization can be stored in an (r + 1)-component exponent vector de- 
fined by 


v(x) = (Ko, ji, ja,---5 Jr) ji =k; (mod2) fori =1,2,...,r 


The components of the vector are either 0 or 1, depending on whether the prime 
p; occurs in f(x) to an even or an odd power. Notice that the exponent vector of 
a product of f(x)’s is the sum of their respective exponent vectors modulo 2. As 
soon as the number of exponent vectors found in this way exceeds the number of 
elements of the factor base, a linear dependency will occur among the vectors— 
although such a relation is often discovered earlier. In other words, there will exist 
a subset x1, X2,..., Xs for which 


v(x) + v(x2) + --- + vV(x5) = CO, 0, ---, 0) (mod 2) 


This means that the product of the corresponding f(x) is a perfect square, say y, 
resulting in an expression of the form 


(41x -+ +5) = f(r) f (Ho): ++ f(s) = y? (mod n) 


There is a reasonable chance that (x;x2---x;) # +y (mod n), in which event 
gcd(x1x2---xXs; — y,n) is a nontrivial divisor of n. Otherwise, new linear depen- 
dencies are searched for until n is factored. 


Example 16.5. As an example of the quadratic sieve algorithm, let us take n = 9487. 
Here [,/n] = 97. The factor base selected is {—1, 2, 3, 7, 11, 13, 17, 19, 29} consisting 
of —1 and the eight primes less than 30 for which 9487 is a quadratic residue. We exam- 
ine the quadratic polynomial f(x) = x* — 9487 forx =i +97 (i =0,+1,..., +16). 
Those values of f(x) that factor completely into primes from the factor base are listed 
in the table, along with the components of their exponent vectors. 


x f(x) = | 2 3 7 11 13 17 19 29 
81 =9996 = =2.7-11219 1 1 0 1 1 0 0 1 0 
84 ea? es eo I Os 1 0 0 0 1 1 1 0 0 
85 0267 S29 3S 13229 1 1 1 0 0 1 0 0 1 
89 —1566 = —2- 33.29 1 1 1 0 0 0 0 0 1 
95 2AG0 SF edt 1 1 1 1 1 0 0 0 0 
97 —78 =—2>3-13 1 1 1 0 0 1 0 0 0 
98 117 = 32 - 13 0 0 0 0 0 1 0 0 0 
100 513 = 33-19 0 0 1 0 0 0 0 1 0 
101 714=2-3-7-17 0 i 1 1 0 0 1 0 0 
103 L298 1A 17 0 1 1 0 1 0 1 0 0 
109 2394 =2-32-7-19 0 1 0 1 0 0 0 1 0 
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Our table indicates that the exponent vectors for f(85), f(89), and f(98) are 
linearly dependent modulo 2; that is, 


v(85) + v(89) + v(98) = (0, 0, ..., 0) (mod 2) 
The congruences corresponding to these vectors are 
f (85) = 85? = —2-3- 13-29 (mod 9487) 
f (89) = 89? = —2- 3° - 29 (mod 9487) 
f 98) = 987 = 3? - 13 (mod 9487) 
which, when multiplied together, produce 
(85 - 89-98)? = (2-37 - 13-29)” (mod 9487) 
or 
741370° = 203587 (mod 9487) 


Unfortunately, 741370 = 20358 (mod 9487) and no nontrivial factorization of 9487 
will be achieved. 
A more fruitful choice is to employ the dependency relation 


v(81) + v(95) + v(100) = (0, 0, ..., 0) (mod 2) 

This will lead us to the congruence 

(81 -95- 100) = (2- 3*- 7-11 - 19)* (mod 9487) 
or 

7695007 = 263347 (mod 9487) 
Reducing the values modulo 9487, we arrive at 
10537 = 7360* (mod 9487) 

with 1053 4 7360 (mod 9487). Then 

gcd(1053 + 7360, 9487) = gcd(8413, 9487) = 179 
and 9487 is factored as 9487 = 179 - 53. 


It is sometimes helpful to notice that once one value of x is found for which 
the prime p divides f(x), then every pth value is also divisible by p; this occurs 
because 


f(x +kp) = (x +kpY —n =x? —n= f(x) (mod p) 


fork = 0, +1, +2,.... The algorithm “sieves” the integers x much like the sieve of 
Eratosthenes for locating multiples of p. In the last example, for instance 7 divides 
f(81) as well as f(88), f(95), f(102), .... Obtaining values f(x) that factor over 
the factor base can be done by performing this sieving process for each of the primes 
in the base. 

Fermat’s theorem provides a way of recognizing most composite numbers. Sup- 
pose that the character of an odd integer n > 1 is to be determined. If a number a 
can be found with 1 < a < nanda"~! # 1 (mod n), then n is definitely composite. 
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This is known as the Fermat test for nonprimality. It is quite efficient—provided 
we know which a to choose—but has the shortcoming of giving no clue as to what 
the factors of n might be. On the other hand, what happens if the Fermat congru- 
ence a”! = 1 (mod n) holds? Here, it is “quite likely” that n is prime, although 
we cannot be mathematically certain. The problem is that for a given value of a 
there exist infinitely many composite numbers n for which a”~! = 1 (mod n). These 
numbers n are called pseudoprimes with respect to the base a. To give a feel for 
their scarcity, note that below 10!° there are only 14882 pseudoprimes with respect 
to base 2, compared with 455052511 primes. Worse yet, there exist n that are pseu- 
doprime to every base, the so-called absolute pseudoprimes or Carmichael numbers. 
They are an extremely rare sort of number, although there are infinitely many of 
them. 

By imposing further restrictions on the base a in Fermat’s congruence a”~! = 1 
(mod n), it is possible to obtain a definite guarantee of the primality of n. Typical 
of the kind of result to be found is that known as Lucas’s Converse of Fermat’s 
Theorem. It was first given by the French number theorist Edouard Lucas in 1876 
and appears in his Théorie des Nombres (1891). 


Theorem 16.1 Lucas. If there exists an integer a such that a”~'! = 1 (mod n) and 
a—-/P % | (mod n) for all primes p dividing n — 1, then n is a prime. 


Proof. Leta have order k modulo n. According to Theorem 8.1, the condition a”! = 
(mod n) implies that k |n — 1; say,n — 1 =kj for some j. If j > 1, then j will have 
a prime divisor g. Thus, there is an integer h satisfying j = gh. As a result, 


a” Y/4 = (q’yt = 1" = 1 (modn) 
which contradicts our hypothesis. The implication of all this is that 7 = 1. But we 


already know that the order of a does not exceed ¢(n). Therefore,n — 1 =k < (n) < 
n — 1, so that d(n) = n — 1, which goes to show that n — 1 is prime. 


We illustrate the theorem in a specific instance. 


Example 16.6. Let us take n = 997. Then, for the base a = 7, 79° = 1 (mod 997). 
Because n — 1 = 996 = 2? -3 - 83, we compute 

7996/2. = 7498 = —1 (mod 997) 

7996/3 — 7332 = 304 (mod 997) 

7996/83 — 712 = 9 (mod 997) 


Taking Theorem 16.1 into account, 997 must be prime. 


Theorem 16.1 was improved in the late 1960s so that it is no longer necessary 
to find a single a for which all the hypotheses are satisfied. Instead, a suitable base 
is allowed for each prime factor of n — 1. The result merits being singled out, which 
we do as Theorem 16.2. 


Theorem 16.2. If for each prime p; dividing n — 1 there exists an integer a; such that 


a"! = 1 (mod n) but a” ¥ 1 (mod n), then n is prime. 
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Proof. Suppose thatn — 1 = pe py ... p*, with the p; distinct primes. Also let h; be 


the order of a; modulo n. The combination of h; |n — 1 andh; ¥ (n — 1)/p; implies 
that pi | h; (the details are left to the reader). But for each i, we have h; | é(n), and 
therefore pi | d(n). This gives n — 1| (1), whence n is prime. 


To provide an example, let us return ton = 997. Knowing the prime divisors of 
n — 1 = 996 to be 2, 3, and 83, we find for the different bases 3, 5, and 7 that 


3996/83 — 312 = 40 (mod 997) 
5996/2 — 5498 = _] (mod 997) 
7990/3 — 7732 = 304 (mod 997) 


Using Theorem 16.2, we can conclude that 997 is a prime number. 

There can be rather serious difficulties in implementing the last two theorems, for 
they reduce the problem of proving the primality of n to that of finding the complete 
factorization of its predecessor n — 1. In many cases it is no easier to factor n — 1 
than it would have been to factor n. Moreover, a great many primes p may have to 
be tried to show that the second part of the hypothesis is satisfied. 

In 1914, Henry Pocklington showed that it is not necessary to know all the 
prime divisors of n — 1. A primality investigation of n can be carried out as soon 
as n — 1] is factored only up to the point where the size of its factored part exceeds 
that of its unfactored part. However, some of the time saved is offset by the auxiliary 
calculations needed to find certain greatest common divisors. 

Theorem 16.3. Letn—1 = mj, wherem = p\i' ps? --- p*,m>,/n and gcd(m, j) = 1. 


If for each prime p; (1 < i <s) there exists an integer a; with ae = 1 (mod n) and 


ged(a\"~/?' — 1, n) = 1, then nis prime. 

Proof. Our argument is similar to that employed in Theorem 16.2. Let p be any 
prime divisor of n and take h; to be the order of a; modulo p. Then h; | p — 1. 
From the congruence gee: = 1 (mod p), we also get h; |n — 1. Now the hypoth- 
esis ged(a”— Pi 1 n)=1 indicates that aan P’ £1 (mod p), and therefore 
h; X (n —1)/p;. We infer that p*' |h;, which, in turn, leads us to p;’ | p — 1. Be- 
cause this holds for each i, m | p — 1. We end up with the contradiction that any prime 
divisor of n must be larger than m > ./n, thereby making n a prime. 


Comparing Theorem 16.3 with Theorem 16.2, we can see that the former the- 
orem requires that, for each prime divisor p of n — 1, a®~/? — 1 should not be 
a multiple of n; whereas, the latter imposes the more stringent condition that this 
quantity should be relatively prime to n, but for fewer values of p. The most striking 
advantage of Theorem 16.3 over Theorem 16.2 is that it does not demand a complete 
factorization, only a partial factorization that is large enough. The main drawback is 
that we do not know in advance whether sufficiently many factors of n — 1 can be 
obtained to have a successful test. 

It might be illuminating to establish the primality of n = 997 once again, this 
time using Pocklington’s theorem to provide the evidence. Again n — 1 = 996 = 
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12 - 83, where 83 > 4/997. Thus, we need only select a suitable base for 83, say 
a = 2. Now 2° = 1 (mod 997) and 


gcd(27°°/83 — 1, 997) = gcd(4095, 997) = 1 


leading to the conclusion that 997 is prime. 

Fermat’s theorem allows us to determine whether a large odd integer n > 1 is 
composite without explicitly exhibiting a nontrivial divisor. There is another direct 
test for compositeness, which is called the Miller-Rabin test. One selects a random 
integer, uses it to perform this test, and announces that 7 is either definitely composite 
or that its nature is still undecided. The algorithm may be described as follows: First 
writen — 1 = 2"m, where m is odd. Next choose anumber 1 < a < n — land form, 
modulo n, the sequence 


a”, a2” a” ees a” a2'™ gd 
in which each term is the square of its predecessor. Then n is said to pass the test for 
this particular base a if the first occurrence of 1 either is the first term or is preceded 
by —1. 

The coming theorem indicates that an odd prime will pass the above test for 
all such bases a. To reveal the compositeness of an odd integer, it is enough to find 
a value of a for which the test fails. Any such a is said to be a witness for the 
compositeness of n. For each odd composite n, at least three-fourths of the numbers 
a with 1 < a <n — 1 will be witnesses for n. 


Theorem 16.4. Let p be an odd prime and p — 1 = 2m, with m odd andh > 1. Then 
any integer a (1 < a < p — 1) satisfies a” = 1 (mod p) or a*” = —1 (mod p) for 
some j = 1,2,...,h—1. 


Proof. Assume that a has order k modulo p. By Theorem 8.1, k must divide p — 1 = 
2m. When k is odd, Euclid’s lemma tells us that k |m; say, m = kr for some integer 
r. The result is that 


a” = (a*yY = 1" = 1 (mod p) 


Now, take k to be even. In this case it may be written as k = 2/+1qd, where j = 0 and 
d is an odd integer. The relation 2/+!d |2"m yields j + 1 < h and d|m. Also, from 
the congruence a2’*"¢ = 1 (mod p) we get a” 4 = +1 (mod p). Because a has order k, 
a4 = | (mod p) is not possible. In consequence, a?’4 = —1 (mod p). Now m = dt 
for an odd integer t. This leads immediately to 

a?™ = (q?'4)t = (-1)! = —1 (mod p) 


which establishes the theorem. 


Before continuing, let us use Theorem 16.4 to test n = 2201 for compositeness. 
Now n — 1 = 23-275. Working modulo 2201, it turns out that 


2775 — 1582 2550 — 187 1100 — 1954 22200 — 1582 
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and hence 2201 fails the Miller-Rabin test fora = 2. Thus, 2201 is correctly asserted 
to be composite, with 2 serving as a witness. 

It should be emphasized that surviving the test for a single value of a does 
not guarantee that n is prime. For example, if n = 2047 = 23 - 89, then n — 1 = 
2 - 1023. Computing yields 2'°?? = 1 (mod 2047), so that 2047 passes the test. 

The Miller-Rabin test is often called a probabilistic primality test, because it 
uses random input to detect most prime numbers. Suppose that we wish to decide 
whether a given odd integer n is prime. Choose k integers aj, dz, ..., a, indepen- 
dently at random, with 0 < a; < n. If n fails the Miller-Rabin test for some one of 
the a;, then n is immediately seen to be composite. Although passing the test for all 
qa; is no actual guarantee of the primality of n, it might well make us strongly suspect 
that it is prime. In this situation, n is commonly described as being a probable prime 
(something of a misnomer, because n is either a prime or it is not). It can be shown 
that the probability of a composite integer surviving a series of k Miller-Rabin tests 
is at most Gy. With reasonable confidence in the correctness of the answer, we are 
able to declare that n is prime without any formal proof having been given. Modern 
computers make taking k = 100 in the random base procedure perfectly realistic, 
in which case the probability that n is actually prime is at least 1 — Gy 

One consequence of the Miller-Rabin test was the determination (1999) that the 
repunit R4998; is a probable prime. 


PROBLEMS 16.2 


1. Use Pollard’s rho-method to factor the following integers: 
(a) 299. 
(b) 1003. 
(c) 8051. 
2. Find a nontrivial factor of 4087 by the rho-method employing the indicated xo and f(x): 
(a) xo = 2, f(x) =x? -1. 
(b) xo = 3, f(x) = x7 +1. 
(c) xo =2, fxs) =2x? +441. 
3. By applying Pollard’s p — 1 method, obtain a factorization of 
(a) 1711. 
(b) 4847. 
(c) 9943. 
4. Use the continued fraction factorization algorithm to factor each of the following integers: 
(a) 1241 
[Hint: 1241 = [35; 4,2,1,1...].] 
(b) 2173 
(c) 949 
[Hint: The integer t;f3 is a square. ] 
(d) 7811 
[Hint: 7811 = [88; 2,1,1,1,2,1,1,2...] leads to tats = 857.] 
5. Factor 1189 by applying the continued fraction factorization algorithm to 7134 = 
6- 1189. 
6. Use the quadratic sieve method to factor each of the following integers: 
(a) 8131 
[Hint: Take —1,2,3,5,7 as the factor base. | 
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(b) 13199 

[Hint: Use the factor base —1,2,5,7,13,29.] 
(c) 17873 

[Hint: Use the factor base —1,2,7,11,23.] 

7. Use Lucas’s primality test to the base a to deduce that the integers below are prime: 
(a) 907, a = 2. 

(b) 1301, a =2. 
(c) 1709, a = 3. 

8. Verify the primality of the following integers by means of Pocklington’s theorem: 

(a) 917. 
(b) 5023. 
(c) 7057. 

9. Show that Pocklington’s theorem leads to the following result of E. Proth (1878). Let 
n=k-2" +1, where k is odd and 1 <k < 2”; if a”-/? = —1 (mod n) for some 
integer a, then n is prime. 

10. Use Proth’s result to establish the primality of the following: 
(a) 97=3-2 41. 
(b) 449 =7-2° +1. 
(c) 3329 = 13-28 +1. 
11. An odd composite integer that passes the Miller-Rabin test to the base a is said to be a 
strong pseudoprime to the base a. Confirm the assertions below: 
(a) The integer 2047 is not a strong pseudoprime to the base 3. 
(b) 25 is a strong pseudoprime to the base 7. 
(c) 65 is a strong pseudoprime to the base 8, and to the base 18. 
(d) 341 is a pseudoprime, but not a strong pseudoprime to the base 2. 
12. Establish that there are infinitely many strong pseudoprimes to the base 2. 
[Hint: If n is a pseudoprime (base 2), show that M,, = 2” — 1 is a strong pseudoprime to 
the base 2.] 
13. For any composite Fermat number F,, = 2?" + 1, prove that F,, is a strong pseudoprime 
to the base 2. 


16.3 AN APPLICATION TO FACTORING: REMOTE 
COIN FLIPPING 


Suppose that two people, Alice and Bob, wish to flip a fair coin while they are 
conversing over the telephone. Each entertains a doubt: would the person flipping 
the coin possibly cheat, by telling the party who calls the outcome that they are 
wrong—no matter how the coin turns up? Without resorting to the services of trusted 
witnesses, can a procedure be set up that cannot be biased by either Alice or Bob? 

In 1982, Manuel Blum devised a number-theoretic scheme, a two-part protocol, 
which meets the specifications of a coin toss: that is, the probability of correctly 
guessing the outcome is 1/2. The game’s security against duplicity hinges on the 
difficulty of factoring integers that are the products of two large primes of roughly 
the same size. 

At a certain stage in Blum’s game, one of the players is required to solve the 
quadratic congruence x? = a (modn). A solution is said to be a square root of 
the integer a modulo n. When n = pq, with p and q distinct odd primes, there 
are exactly four incongruent square roots of a modulo n. To see this, observe that 
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x* = a (mod n) admits a solution if and only if the two congruences 
x* =a (mod P) and x* =a (mod q) 


are both solvable. The solutions of these two congruences—assuming they exist— 
split into two pairs +x, (mod p) and +x, (mod q), which may be combined to form 
four sets of simultaneous congruences: 


x =x, (mod p) 
xX = X2 (mod q) 


= —x, (mod p) 
= —X2 (mod q) 


= x, (mod p) 


—X2 (mod q) 


—x, (mod p) 
xX = Xz (mod q) 


We find four square roots of a modulo n when we solve these systems using the 
Chinese Remainder Theorem. Before going any further, we pause for an example. 
Example 16.7. Let us determine the solutions of the congruence 
x* = 324 (mod 391) 


where 391 = 17 - 23; in other words, find the four square roots of 324 modulo 391. 
Now 


x* = 324 = 1 (mod 17) and x* = 324 = 2 (mod 23) 
have respective solutions 
x = +1 (mod 17) and x = +5 (mod 23) 
We therefore obtain four pairs of simultaneous linear congruences: 
x = 1 (mod 17) 
x = —5 (mod 23) 


x = —1 (mod 17) 


x = 5 (mod 23) 
x = 1 (mod 17) 
x = 5 (mod 23) 


x = —1 (mod 17) 
= —5 (mod 23) 
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The solutions of the first two pairs of congruences are x = 18 (mod 391) and 
= —18 (mod 391); the solutions of the last two pairs are x = 120 (mod 391) and 
= —120 (mod 391). Hence, the four square roots of 324 modulo 391 are x = +18, 

+120 (mod 391) or, using positive integers, 


x = 18, 120, 271, 373 (mod 391) 


We single out numbers of the form n = pq, where p = q = 3 (mod 4) are 
distinct primes, by referring to them as Blum integers. For integers of this type, the 
work of finding square roots modulo n (as indicated in Example 16.7) is simplified 
by observing that the two solutions of x? = a (mod p) are given by 


(p+1)/4 


x =a (mod p) 


This is seen from 
(bal? DAY? = g PTD? = gg?) .qg=1-a =a (mod p) 


with a?—))/2 = 1 (mod p) by Euler’s criterion. Take, as a particular instance, the 
congruence x” = 2 (mod 23). It admits the pair of solutions 


+23+D/4 = +9° = +64 = +5 (mod 23) 


With this brief detour behind us, let us return to Blum’s protocol for handling 
long-distance coin flipping. It is assumed that each player has a telephone-linked 
computer for carrying out computations during the game. The procedure is: 


1. Alice begins by choosing two large primes p and q, both congruent to 3 modulo 
4. She announces only their product n = pq to Bob. 


2. Bob responds by randomly selecting an integer 0 <x <n with gcd(x,n) = 1. 
He sends its square, a = x” (mod n), to Alice. (This corresponds to the coin 
flip.) 

3. Knowing p and q, Alice calculates the four square roots x, —x, y,—y of a 
modulo n. She picks one of them to send to Bob. (That is, Alice calls the toss.) 


4. If Bob receives +x, he declares Alice to have guessed correctly. Otherwise, Bob 
wins; for he is able to factor n. (A winner is announced.) 


Notice that each of the parties knows a different secret during the course of the 
game. The prime factors of n are Alice’s concealed information, and Bob’s personal 
secret is his choice of the integer x. Alice has no way of knowing x, so that her 
guess at tx among the possible square roots of a is a real one, with a 50% chance 
of success: she cannot do better than toss a coin to make her selection. 

If Bob receives y or —y from Alice, then he possesses two different square roots 
of a modulo n. He will be able to convince Alice that she has guessed incorrectly 
by sending back to her the factors p and q of n. To do this, Bob simply needs to 
calculate gcd(x + y, n). The underlying idea is that the congruence 


x? =a=y*(modn) x#+ty (modn) 
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leads to pq|(x + y)(x — y). This in turn implies that each prime divides either x + y 
or x — y, although both cannot divide the same factor. Thus gcd(x + y, 1) is either 
p or q, and gcd(x — y,n) produces the other prime factor. 

On the other hand, if Bob is sent either x or —x, then he has learned nothing 
new and is unable to factor n in a reasonable length of time. His failure to do so is 
an admission that Alice has won the game. After the game is over, she can assure 
Bob that she used a Blum integer by providing its factors. Bob should check that the 
disclosed factors are indeed primes. 

We close with an example of Blum’s game using small prime numbers, although 
modern-day computers allow primes with a hundred or more digits. 


Example 16.8. Alice begins by choosing the primes p = 43 and g = 71 and telling 
Bob their product, 3053 = 43 - 71. He responds by randomly selecting 192 as his secret 
number; then Bob computes 


1927 = 36864 = 228 (mod 3053) 


and sends back the value 228. 
To obtain the four square roots of 228 modulo 3053, Alice first solves the quadratic 
congruences 


x* = 228 =13(mod43) and x? = 228 = 15 (mod71) 
Because 43 = 71 = 3 (mod 4), their solutions turn out to be 
x = £13+D/4 = +13" = £20 (mod 43) 
x = t157+D/4 = +15!8 = £21 (mod 71) 
respectively. Next Alice solves the four systems of linear congruences determined by 
x = +20 (mod 43) and x = +21 (mod 71). From the Chinese Remainder Theorem, 


she finds that x = +192 (mod 3053) or x = +1399 (mod 3053); expressed as positive 
numbers, 


x = 192, 2861, 1399, 1654 (mod 3053) 


Of these four numbers, two are equivalent modulo 3053 to Bob’s secret number 
and the other two are not. Although Alice has an even chance of picking a “correct” 
number, let us suppose that she makes a nonwinning choice by guessing at 1399. This 
means that Bob has won the toss, but Alice prudently challenges him to prove it. So 
Bob determines the factorization of 3053 by calculating. 


gcd(192 + 1399, 3053) = gcd(1591, 3053) = 43 
gcd(192 — 1399, 3053) = gcd(—1207, 3053) = 71 


He sends these factors to Alice to confirm that she has chosen incorrectly. 


PROBLEMS 16.3 


1. Determine whether 12 has a square root modulo 85; that is, whether x? = 12 (mod 85) is 
solvable. 
2. Find the four incongruent solutions of each of the quadratic congruences below: 
(a) x? = 15 (mod 77). 
(b) x? = 100 (mod 209). 
(c) x? = 58 (mod 69). 
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3. Carry out the details of a long-distance coin toss in which Alice selects p = 23, g = 31 
and Bob chooses x = 73. 
4. For acoin toss over a phone line, Alice selects p = 47, q = 79 and Bob chooses x = 123. 
Of the four numbers Alice then calculates, which two represent losing calls? 
5. Here is another procedure for tossing coins electronically: 
(a) Alice and Bob agree on a prime number p such that p — 1 contains at least one large 
prime factor. 
(b) Bob chooses two primitive roots 7 and s of p. He sends the two roots to Alice. 
(c) Alice now picks an integer x, where gcd(x, p — 1) = 1. She returns to Bob one of the 
values y = r* (mod p) and y = s* (mod p). (This corresponds to the coin toss.) 
(d) Bob “calls the toss” by guessing whether r or s was used to calculate y. 
Work through the details of a coin toss where p = 173,r = 2,5 = 3, and x = 42. 


16.4 THE PRIME NUMBER THEOREM AND ZETA FUNCTION 


Although the sequence of prime numbers exhibits great irregularities of detail, a 
trend is definitely apparent “in the large.” The celebrated Prime Number Theorem 
allows us to predict, at least in gross terms, how many primes there are less than a 
given number. It states that if the number is n, then there are about n divided by logn 
(here, logn denotes the natural logarithm of n) primes before it. Thus, the Prime 
Number Theorem tells us how the primes are distributed “in the large,” or “on the 
average,” or “in a probability sense.” 

One measure of the distribution of primes is the function 2(x), which, for any 
real number x, represents the number of primes that do not exceed x; in symbols, 
(xk) =: p<x 1. In Chapter 3, we proved that there are infinitely many primes, 
which is simply an expression of the fact that lim,_,.5 m(x) = oo. Going in the other 
direction, it is clear that the prime numbers become on the average more widely 
spaced in the higher parts of any table of primes; in informal terms, one might say 
that almost all of the positive integers are composite. 

By way of justifying our last assertion, let us show that the limit 
lim,_+o0 7(x)/x = 0. Because m(x)/x > O for all x > 0, the problem is reduced 
to proving that 2(x)/x can be made arbitrarily small by choosing x sufficiently 
large. In more precise terms, what we shall prove is that if € > 0 is any number, then 
there must exist some positive integer N such that w(x)/x < € whenever x > N. 

To start, let n be a positive integer and use Bertrand’s conjecture to pick a 
prime p with 2"—! < p < 2”. Then p|(2”)!, but p { (2”~')!, so that the binomial 
coefficient Co) is divisible by p. This leads to the inequalities 


2 (*":) = I] eer 
2n-lep<2" 


and, upon taking the exponents of 2 on each side, the subsequent inequality 


n 


m(2") — 2(2""') < 


(1) 
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If we successively set n = 2k, 2k — 1, 2k — 2,...,3 in inequality (1) and add 
the resulting inequalities, we get 


2k r 
m(27*) — m(27) < 
(2?*) oD Bien 
But (27) ZO? trivially, so that 
- 2k r kor 2k or 
m(2~) < = _ 


In the last two sums, let us replace the denominators r — 1 by 1 and k, respectively, 
to arrive at 


k 2k or Q2k+1 
A Cape vee a Pais ie eres 
r=2 r=k+1 


Because k < 2", we have 2‘+! < 27*+!/k for k > 2, and therefore 
a 2k+1 92k 
2 2 = 4( — 
ne) <2(=-)=4(7) 


m(2%*) 4 


72k < k (2) 


With this inequality available, our argument proceeds rapidly to its conclusion. Given 
any real number x > 4, there exists a unique integer k satisfying 27*-* < x < 27. 
From inequality (2), it follows that 


ACS eames Oni iene 4 O20 a (=) 16 


which can be written as 


x x = Q2k-2 22k ‘ ke 
If we now take x > N = 27('6/el+) then k > [16/e] + 1; hence, 
U(x) 16 


M5 ee ne 
x ({16/e] +1) 


as desired. 
A well-known conjecture of Hardy and Littlewood, dating from 1923, is that 


m(x+y)<a(x)+7(y) 


for all integers x, y with 2 < y < x. Written as m(x + y) — 2(y) < (x), the in- 
equality asserts that no interval y<k < x+y of length x can contain as many 
prime numbers as there are in the interval 0 < k < x. Although the conjecture has 
been checked for x + y < 100000, it appears likely that there will be exceptions 
which, even though rare, will prove the conjecture false. The computations simply 
have not gone far enough to produce the first counterexample. Curiously, there is no 
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counterexample when x = y, because it has been shown (1975) that the inequality 
(2x) < 2x(x) holds for all x > 11. 
It was Euler (probably about 1740) who introduced into analysis the zeta function 


(oe) 
1 
o(s)= Jo — S18 $2543 4-- 
n=1 
the function on whose properties the proof of the Prime Number Theorem ultimately 
depended. Euler’s fundamental contribution to the subject is the formula representing 


¢(s) as a convergent infinite product; namely, 


= 
6) =[](1-=) s>l 


Pp Re 


where p runs through all primes. Its importance arises from the fact that it asserts 
equality of two expressions of which one contains the primes explicitly and the other 
does not. Euler considered ¢(s) as a function of a real variable only, but his formula 
nonetheless indicates the existence of a deep-lying connection between the theory 
of primes and the analytic properties of the zeta function. 

Euler’s expression for ¢(s) results from expanding each of the factors in the 
right-hand member as 


-1+4+(4)+(4) + 
L=1/p* p* p* p’ 


and observing that their product is the sum of all terms of the form 
1 
ki ok k,\s 
(py p> rete Pr ) 
where pj, ..., P, are distinct primes. Because every positive integer n can be written 
uniquely as a product of prime powers, each term 1/n* appears once and only once 
in this sum; that is, the sum simply is }°°°, 1/n’. 

It turns out that Euler’s formula for the zeta function leads to a deceptively short 
proof of the infinitude of primes: the occurrence of a finite product on the right-hand 
side would contradict the fact that lim,_,; €(s) = oo. 

A problem that continues to attract interest concerns the value of ¢(n) when n>1 


is an integer. Euler showed during the 1730s that ¢(2n) is a rational multiple of 12”, 
which makes it an irrational number: 


¢(2)=17/6, ¢(4)=72°/90, ¢(6)=71°/945, (8) = 7° /9450,... 


The question remains unsettled for odd integers. Only in 1978 did the French mathe- 
matician Roger Apéry establish that ¢ (3) is irrational; although the proof was hailed 
as “miraculous and magnificent” when it first appeared, it did not extend in any 
obvious way to ¢(2n + 1) forn > 1. However, in 2000 it was proved that infinitely 
many such values are irrational. 

The values of ¢(2n) can be expressed in terms of the so-called Bernoulli num- 
bers B,, named for James Bernoulli (1654-1705). Today these are usually defined 
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inductively by taking Bo = 1 and, forn > 1, 


n—-1 
n+ DB=->) ("Tf") a 


k=O 

A little calculation shows that the first few B, are 

Be =1 B, = -1/2 

By = 1/6 Bz, =0 

Bg =-—1/30 Bs5=0 

Be = 1/42 Bz =0 

Bg = —1/30 Boy =0 
For instance, 


5B4 = Bo — 5B, — 10B2 — 10B3 


so that By = —1/30. 

The Bernoulli numbers B,,; beyond the first are all equal to zero, while all of 
the Bo, are rational numbers, which, after the first, alternate in sign. In 1734, Euler 
calculated their values up to 


__ 8615841276005 
eo 14322 


Shortly thereafter he derived the remarkable formula 


(=1)"4!(2)" Bon 


~ Sol 
(2n)! 


¢(2n) = 

Legendre was the first to make any significant conjecture about functions that 

give a good approximation to (x) for large values of x. In his book Essai sur la 

Théorie des Nombres (1798), Legendre ventured that 7(x) is approximately equal 
to the function 


x 
log x — 1.08366 


By compiling extensive tables on how the primes distribute themselves in blocks of 
one thousand consecutive integers, Gauss reached the conclusion that z (x) increases 
at roughly the same rate as each of the functions x/ log x and 


; * du 
Li(x) = i 
2 logu 


with the logarithmic integral Li(x) providing a much closer numerical approxima- 
tion. Gauss’s observations were communicated in a letter to the noted astronomer 
Johann Encke in 1849, and first published in 1863, but appear to have begun as 
early as 1791 when Gauss was 14 years old—well before Legendre’s treatise was 
written. 
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It is interesting to compare these remarks with the evidence of the tables: 


x x 1(x) 
x (x) log x — 1.08366 log x Li@x) (x / log x) 
1000 168 172 145 178 1.159 
10,000 1,229 1,231 1086 1246 1.132 
100,000 9,592 9,588 8,686 9,630 1.104 
1,000,000 78,498 78,543 72,382 78,628 1.084 
10,000,000 664,579 665,140 620,420 664,918 1.071 
100,000,000 5,761,455 5,768,004 5,428,681 5,762,209 1.061 


The first demonstrable progress toward comparing z (x) with x / log x was made 
by the Russian mathematician P. L. Tchebycheff. In 1850, he proved that there exist 
positive constants a and b,a < 1 < b, such that 


x x 
a <m(x)<b 
(=) (=) 


for sufficiently large x. Tchebycheff also showed that if the quotient 2 (x)/(x/ log x) 
has a limit as x increases, then its value must be 1. Tchebycheff’s work, fine as it 
is, is arecord of failure: what he could not establish is that the foregoing limit does 
in fact exist, and, because he failed to do this, he failed to prove the Prime Number 
Theorem. It was not until some 45 years later that the final gap was filled. 

We might observe at this point that Tchebycheff’s result implies that the series 
> 2 1/p, extended over all primes, diverges. To see this, let p, be the nth prime, so 
that 2 (p,) = n. Because we have 


x 
u(x) >a ( ) 
log x 


for sufficiently large x, it follows that the inequality 


n = 1(Pn) >a (=) > /Pn 


holds if n is taken sufficiently large. But n? > p, leads to log py, < 2logn, and 
therefore we get 


apn < nlog pn, < 2nlogn 


when n is large. In consequence, the series )--~, 1/p, will diverge in comparison 
with the known divergent series )-~.,(1/n logn). 

A result similar to the previous one holds for primes in arithmetic progressions. 
We know that if gcd(a, b) = 1, then there are infinitely many primes of the form 
p = an + b. Dirichlet proved that the sum of 1/p, taken over such primes, diverges. 
For instance, it applies to 4n + 1 primes: 

{aes | 1 1 1 1 
atip 5 138 17 9 37 


is a divergent series. 
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A dramatic change takes place when the primes are allowed to run over just 
the twin primes. In 1919, the Norwegian mathematician Viggo Brun showed that 
the series formed by the reciprocals of the twin primes converges. The twin primes 
(even if there are infinitely many of them) are “sufficiently scarce” in the sequence 
of all primes to cause convergence. 


The sum 
B= aici (eenoniny (ey eee Pe 
TAS 25 ee: 11 13 


which is called Brun’s constant, is estimated to be 1.9021604 + 5 - 10-7. Notice that 
the prime 5 appears in the two twin pairs 3,5 and 5,7; no other prime number enjoys 
this property. 

Let 22(x) denote the number of twin primes not exceeding x; that is, the number 
of primes p for which p + 2 < x is also a prime. A famous conjecture (1923) of 
Hardy and Littlewood is that 272(x) increases much like the function 


x di 


2 (logu)? 
where C = 0.661618158... is known as the twin-prime constant. The next table 
gives some idea how closely 2 is approximated by L(x). 

The radically new ideas that were to furnish the key to a proof of the Prime Num- 
ber Theorem were introduced by Bernhard Riemann in his epoch-making memoir 
Uber die Anzahl der Primzahlen unter einer gegebenen Grosse of 1859 (his only 
paper on the theory of numbers). Where Euler had restricted the zeta function ¢(s) 
to real values of s, Riemann recognized the connection between the distribution of 
primes and the behavior of ¢(s) as a function of a complex variable s = a + bi. He 
enunciated a number of properties of the zeta function, together with a remarkable 
identity, known as Riemann’s explicit formula, relating 2 (x) to the zeros of ¢(s) in 
the s-plane. The result has caught the imagination of most mathematicians because it 
is SO unexpected, connecting two seemingly unrelated areas in mathematics; namely, 
number theory, which is the study of the discrete, and complex analysis, which deals 
with continuous processes. 


L»(x) = 2C 


x 72(Xx) L2(x) — ma2(x) 
10° 35 11 

10* 205 9 

10° 1,224 25 

10° 8,169 79 

107 58,980 —226 

108 440,312 56 

10° 3,424,506 802 

101° 27,412,679 —1262 

10!! 224,376,048 —7183 


In his memoir, Riemann made a number of conjectures concerning the distri- 
bution of the zeros of the zeta function. The most famous is the so-called Riemann 
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hypothesis, which asserts that all the nonreal zeros of ¢(s) are at points 5 + bi 
of the complex plane; that is, they lie on the “critical line” Re(s) = 7: In 1914, 
G. H. Hardy provided the first concrete result by proving that there are infinitely 
many zeros of ¢(s) on the critical line. A series of large computations has been 
made, culminating in the recent verification that the Riemann hypothesis holds for 
all of the first (1.5)10!° zeros, an effort that involved over a thousand hours on 
a modern supercomputer. This famous conjecture has never been proved or dis- 
proved, and it is undoubtedly the most important unsolved problem in mathematics 
today. 

Riemann’s investigations were exploited by Jacques Hadamard and Charles 
de la Vallée Poussin who, in 1896, independently of each other and almost 
simultaneously, succeeded in proving that 

(x) 


x00 x/ log x 


The result expressed in this formula has since become known as the Prime Number 
Theorem. De la Vallée Poussin went considerably further in his research. He showed 
that, for sufficiently large values of x, z(x) is more accurately represented by the 
logarithmic integral Li(x) than by the function 


x 
logx —A 


no matter what value is assigned to the constant A, and that the most favorable 
choice of A in Legendre’s function is 1. This is at variance with Legendre’s original 
contention that A = 1.08366, but his estimate (based on tables extending only as 
far as x = 400000) had long been recognized as having little more than historical 
interest. 

Today, a good deal more is known about the relationship between (x) and 
Li(x). We shall only mention a theorem of Littlewood to the effect that the difference 
m(x) — Li(x) assumes both positive and negative values infinitely often as x runs 
over all positive integers. Littlewood’s result is a pure “existence theorem” and no 
numerical value for x for which 2(x) — Li(x) is positive has ever been found. It is 
a curious fact that an upper bound on the size of the first x satisfying 2(x) > Li(x) 
is available; such an x must occur someplace before 


2/9 19104 
~ 10 


a number of incomprehensible magnitude. Hardy contended that it was the largest 
number that ever had a practical purpose. This upper limit, obtained by S. Skewes in 
1933, has gone into the literature under the name of the Skewes number. Somewhat 
later (1955), Skewes decreased the top exponent in his number from 34 to 3. In 1997, 
this bound was reduced considerably when it was proved that there are more than 
103!! successive integers x in the vicinity of (1.398) 107!° for which m(x) > Li(x). 
However, an explicit numerical value of x is still beyond the reach of any computer. 
What is perhaps remarkable is that z(x) < Li(x) for all x at which 2(x) has been 
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calculated exactly, that is, for all x in the range x < 2 - 10'8. Some values are given 


in the table: 


x 


10° 

1910 
101! 
1012 
1013 
1014 
1015 
10916 
1017 
1018 


(x) 


50,847,534 

455,052,511 
4,118,054,813 
37,607,912,018 

346,065 ,536,839 
3,204,941 ,750,802 
29,844,570,422,669 
279,238,341 ,033,925 
2,623,557,157,654,233 
24,739,954,287,740,860 


Li(x) — a(x) 


1701 

3104 
11,588 
38,263 
108,971 
314,890 
1,052,619 
3,214,632 
7,956,589 
21,949,555 


Although this table gives the impression that Li(x) — 2(x) is always positive and 
gets larger as x increases, negative values will eventually overwhelm the positive 
ones. 

A useful sidelight to the Prime Number Theorem deserves our attention; to wit, 


nlogn 


lim ay | 
noo Pn 
For, starting with the relation 
] 
ee COE 
x—>0O x 


we may take logarithms and use the fact that the logarithmic function is continuous 
to obtain 


lim [log 2(x) + logdog x) — log x] = 0 
x70 
or equivalently, 
] 
én og(log x) 
X00 log x X00 log x 
But lim,_,.5 log(log x)/ log x = 0, which leads to 
log 1(x) a 
x>00 logx 
We then get 
(x) log x 
m a 
x—>0O xX 
m(x)loga(x) logx 
m ———E ee 


= ji yp en eae Se 
: log 1(x) 


x7 CO eX; 
. m(x)logz(x) 
lim. ——————_ 


x—>0O x 


SOME MODERN DEVELOPMENTS 383 


Setting x = p,, so that 2(p,) = n, the result 


. nilogn 
lim —— 


n>o Pn 


=] 


follows. This may be interpreted as asserting that if there are n primes in an interval, 
then the length of the interval is roughly n logn. 

Until recent times, the opinion prevailed that the Prime Number Theorem could 
not be proved without the help of the properties of the zeta function and without 
recourse to complex function theory. It came as a great surprise when in 1949 the 
Norwegian mathematician Atle Selberg discovered a purely arithmetical proof. His 
paper An Elementary Proof of the Prime Number Theorem is “elementary” in the 
technical sense of avoiding the methods of modern analysis; indeed, its content is 
exceedingly difficult. Selberg was awarded a Fields Medal at the 1950 International 
Congress of Mathematicians for his work in this area. The Fields Medal is considered 
to be the equivalent in mathematics of a Nobel Prize. (The thought that mathematics 
should be included in his areas of recognition seems never to have occurred to Alfred 
Nobel.) Presented every 4 years to a person under 40, the medal is the mathematical 
community’s most distinguished award. 


It will be another million years, at least, before we understand the primes. 
PAUL ErRDOs 


MISCELLANEOUS PROBLEMS 


The 


positive integers stand there, a continual and inevitable challenge to the 


curiosity of every healthy mind. 
G. H. Harpy 


Ne eS 


10. 


11. 
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. Use induction to establish the following: 


(a) foe oa ate np pana) = ee 


1 1 1 5 
n 
bie Se ee es 
ONS aro. (4n—3)(4n+1) 4n+1 
1 1 
(c) 1} 4+ et +n 
V2 V3 aN 
. Prove that 
n Bra 
3 2 6 


is an integer forn > 1. 


. Ifn > 1, establish the divisibility assertions below: 


(a) 72a + A3ntl a. 1. 
(b) 133] 11"? + 122"4+1, 
(c) i | 35” ae 4ont2 ne 5ontl 


. Verify that gced(v!+1,a#4+)!+)=1. 
. For all n > 1, prove that 8 - 27" + 1 is composite. 
. Find all primes p for which 29p + 1 is a perfect square. 


If n? + 2 is prime, show that 3 | n. 


. Show that if p > 3 and gq = p + 2 are twin primes, then pq = —1 (mod 9). 
. Prove the following: 


(a) If7|a? + b? + c?, then 7|a or7|b or7|c. 

(b) 9} —1% 4+n374+ (04+ 1) foralln > 1. 

For positive integers n and m, establish that 3” + 3” + 1 is never a perfect square. 
[Hint: Work modulo 8. ] 

Find the smallest positive value of n for which 

(a) Equation 301x + 77y = 2000 + nv has a solution. 

(b) Equation 5x + 7y =n has exactly three positive solutions. 


12. 


13. 
14. 
15. 


16. 


17. 
18. 
19. 


20. 
21. 
22. 
23. 
24. 
25. 


26. 


27. 


28. 


29. 


30. 


31. 


32. 


33. 


34. 


35. 
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For n > 1, let 2” and 2"+! be written in decimal form. If N is the number formed by 
placing these decimal representations side by side, show that 3 | N. For example, when 
n = 6, we have 3 | 64128 and 3 | 12864. 

For what digits X is 242628X 91715131 divisible by 3? 

Find the last digit of 199919? and the last two digits of 3432". 

The three children in a family have feet that are 5, 7, and 9 inches long. Each child 
measures the length of the dining room in their housing using their feet, and each finds 
that there are 3 inches left over. How long is the dining room? 

In the sequence of triangular numbers, suppose that 


ba lA a tn+1) = Ik 


Determine k as a function of n. 

Prove that a repunit prime R, cannot be expressed as the sum of two squares. 
Find the remainder when 70!/18 is divided by 71. 

State and prove the general result illustrated by 


4? = 16 347 = 1156 334? = 111556 3334? = 11115556,... 


If p is a prime, show that p | (t(p)@(p) + 2) and p | (t(p)o(p) — 2). 
Establish the formula )°,,,, u(d)2°/® = | w(n)|. 

Prove that n is an even integer if and only if }°, ie o(d)u(d) = 0. 

If t(n) is divisible by an odd prime, show that y(n) = 0. 

Determine whether 97 divides n? — 85 for some choice of n > 1. 
Find all integers n that satisfy the equation 


(n—1P +r? +(n4+1% =(n +297 


[Hint: Work with the equation obtained by replacing n by k + 4.] 
Prove that the Fermat numbers are such that 


F, + Fn41 = 1 (mod 7) 


Verify that 6 is the only square-free even perfect number. 

Given any four consecutive positive integers, show that at least one cannot be written as 
the sum of two squares. 

Prove that the terms of the Lucas sequence satisfy the congruence 


2” Ly, = 2 (mod 10) 


Show that infinitely many Fibonacci numbers are divisible by 5, but no Lucas numbers 
have this property. 
For the Fibonacci numbers, establish that 18 divides 


Until + Un47 + 8Unys + Un43 + 2Un n>1 


Prove that there exist infinitely many positive integers n such that n and 3n — 2 are per- 
fect squares. 
If n = 5 (mod 10), show that 11 divides the sum 


12" +9" + 8" +6" 


Establish the following: 

(a) 7 divides no number of the form 2” + 1,n > 0. 

(b) 7 divides infinitely many numbers of the form 10” + 3,n > 0. 

For n = +4 (mod 9), show that the equation n = a? + b> +c? has no integer solution. 
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36. 
37. 


38. 


39. 


40. 


41. 


42. 


43. 


44, 


45. 
46. 


47. 


48. 


49. 


50. 
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Prove that if the odd prime p divides a? + b?, where gcd(a, b) = 1, then p = 1 (mod 4). 
Find an integer n for which the product 9999 - n is a repunit. 

[Hint: Work with the equation 9999 -n = Ra,.] 

Verify that 10 is the only triangular number that can be written as the sum of two 
consecutive odd squares. 

Determine whether there exists a Euclidean number 


Pepa 2 3055 aap el 


that is a perfect square. 

Consider a prime p = 1 (mod 60). Show that there exist positive integers a and b with 
p = a? + b’, where 3 divides a or b and 5 divides a or b. 

Prove that the sum 


299 + 2999 + 29999 + --- + 29999999999999 


is divisible by 12. 

Use Pell’s equation to show that there are infinitely many integers that are simultaneously 
triangular numbers and perfect squares. 

Givenn > 0, show that there exist infinitely many k for which the integer (2k + 1)2” + 1 
is prime. 

Show that each term of the sequence 


16, 1156, 111556, 11115556, 1111155556.... 


is a perfect square. 

Find all primes of the form p? + 2”, where p is a prime. 

The primes 37,67,73,79, ... are of the form p = 36ab + 6a — 6b +1, with a > 1, 
b > 1. Show that no pair of twin primes can contain a prime of this form. 

Prove that n! is not a perfect square forn > 1. 

[Hint: Use Bertrand’s conjecture. ] 

A near-repunit is an integer ; R, that has n — 1 digits equal to 1, and one 0 in the k + 1’st 
place from the right; that is, 


gRn = Rn—p-110*t! + Ry = 111---11011---111 


Show that if gcd(n — 1, 3k) > 1, then; R, is composite. 

Let p1, P2,---, Pn be the first n primes in the natural order. Show that there are at least 
two new primes in the interval p, < x < pip2---: Pp, +1 forn > 2. 

Verify that there exist no primes p and q that satisfy the condition p? = 10% — 999. 
[Hint: Work modulo 7.] 
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TABLE 1 


The least primitive root r of each prime p, where 2 < p < 1000. 
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TABLE 2 


The smallest prime factor of each odd integer n, 3 <n < 4999, not divisible by 5; a dash in the 
table indicates that n is itself prime. 


1 101 = 201 3 301 7 401 — 
3 = 103 == 203 4 303 3 403 13 
F) = 107 = 207 3 307 = 407 11 
9 3 109 — 209 11 309 3 409 — 

11 = 111 3 211 = 311 = 411 3 

13 — 133 = 213 3 313 = 413 7 

17 — 117 3 217 ? 317 = 417 3 

19 — 119 ? 219 3 319 11 419 — 

21 3 121 11 221 13 321 3 421 ae 

23 — 123 3 223 = 323 17 423 3 

27 3 127 _ 227 _ 327 3 427 ri 

29 — 129 3 229 — 329 7 429 3 

31 — 131 =e 231 3 331 = 431 — 

33 3 133 7 233 _ 333 3 433 — 

37 — 137 — 237 3 337 — 437 19 

39 3 139 — 239 — 339 3 439 

41 — 141 3 241 = 341 1! 441 3 

43 = 143 11 243 3 343 Fi 443 — 

47 = 147 3 247 13 347 — 447 3 

49 7 149 = 249 3 349 a 449 

$1 3 151 = 251 — 351 3 451 1k 

53 — 153 3 253 11 353 — 453 

57 3 157 = 257 = 357 3 457 = 

59 — 159 3 259 359 — 459 3 

61 = 161 7 261 3 361 19 461 = 

63 3 163 — 263 = 363 3 463 _ 

67 — 167 — 267 3 367 — 467 = 

69 3 169 13 269 —_ 369 3 469 7 

71 — 171 4 271 = 371 Bi 471 3 

73 = 173 — 273 3 373 = 473 12 

77 Zz 177 3 277 a 377 13 477 3 

79 — 179 — 279 3 379 ~ 479 — 

81 3 181 — 281 _ 381 3 481 13 

83 vor 183 3 283 — 383 = 483 3 

87 3 187 11 287 7 387 3 487 = 

89 — 189 3 289 17 389 = 489 3 

91 ¥ 191 _ 291 3 391 17 491 — 

93 3 193 — 293 — 393 3 493 17 

97 = 197 — 297 3 397 = 497 7 

99 3 199 — 299 13 399 3 499 _ 


501 
503 
507 
509 
S511 
513 
S17 
519 
521 
§23 
527 
529 
531 
533 
537 
539 
541 
543 
547 
549 
551 
5533 
557 
559 
561 
563 
567 
569 
571 
573 
77 
579 
581 
583 
587 
589 
591 
593 
597 
599 


601 
603 
607 
609 
611 
613 
617 
619 
621 
623 
627 
629 
631 
633 
637 
639 
641 
643 
647 
649 
651 
653 
657 
659 
661 
663 
667 
669 
671 
673 
677 
679 
681 
683 
687 
689 
691 
693 
697 
699 


TABLE 2 (cont'd) 
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823 
827 
829 
831 
833 
837 
839 
841 
843 
847 
849 
851 
853 
857 
859 
861 
863 
867 
869 
871 
873 
877 
879 
881 
883 
887 
889 
891 
893 
897 
899 
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1001 
1003 
1007 
1009 
1011 
1013 
1017 
1019 
1021 
1023 
1027 
1029 
1031 
1033 
1037 
1039 
1041 
1043 
1047 
1049 
1051 
1053 
1057 
1059 
1061 
1063 
1067 
1069 
1071 
1073 
1077 
1079 
1081 
1083 
1087 
1089 
1091 
1093 
1097 
1099 
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1101 
1103 
1107 
1109 
1111 
1113 
1117 
1119 
1121 
1123 
1127 
1129 
1131 
1133 
1137 
1139 
1141 
1143 
1147 
1149 
1151 
1153 
1157 
1159 
1161 
1163 
1167 
1169 
1171 
1173 
1177 
1179 
1181 
1183 
1187 
1189 
1191 
1193 
1197 
1199 


lwtwuGwuowsd al ou] wil wl wo 


oleelwlwielaw | ws | 


—_ 
as 


TABLE 2 (cont'd) 


1201 
1203 
1207 
1209 
1211 
1213 
1217 
1219 
1221 
1223 
1227 
1229 
123} 
1233 
1237 
1239 
1241 
1243 
1247 
1249 
1251 
1253 
1257 
1259 
1261 
1263 
1267 
1269 
1271 
1273 
1277 
1279 
1281 
1283 
1287 
1289 
1291 
1293 
1297 
1299 
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1301 
1303 
1307 
1309 
1311 
1313 
1317 
1319 
1321 
1323 
1327 
1329 
1331 
1333 
1337 
1339 
1341 
1343 
1347 
1349 
1351 
1353 
1357 
1359 
1361 
1363 
1367 
1369 
1371 
1373 
1377 
1379 
1381 
1383 
1387 
1389 
1391 
1393 
1397 
1399 


1401 
1403 
1407 
1409 
1411 
1413 
1417 
1419 
1421 
1423 
1427 
1429 
1431 
1433 
1437 
1439 
1441 
1443 
1447 
1449 
1451 
1453 
1457 
1459 
1461 
1463 
1467 
1469 
1471 
1473 
1477 
1479 
1481 
1483 
1487 
1489 
1491 
1493 
1497 
1499 
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TABLE 2 (cont'd) 
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TABLE 2 (cont'd) 


7 
3 
29 
3 
19 
41 
3 
3 
7 
11 
3 
3 
2041 13 2341 — 2441 — 
2043 3 2343 3 2443 7 
2047 23 2247 3 2347 — 2447 — 
2049 3 2249 13 2349 3 2449 31 
2051 =7 2251 — 2351 — 2451 3 
2053 — 2253 3 2353 13 2453 11 
2057 11 2257 37 2357 — 2457 3 
2059 29 2559 3 2359 7 2459 — 
2061 3 2261 7 2361 3 2461 23 
2063 — 2263 31 2363 17 2463 3 
2067 3 2267 — 2367 3 2467 — 
2069 — 2269 — 2369 23 2469 3 
2071 19 2271 3 2371 — 2471 7 
2073 223 = 2373 «3 2473 — 
2077 31 2277 3 2377 — 2477 — 
2079 2279 43 2379 3 2479 37 
2081 — 2281 — 2381 — 2481 83 
2083 — 2283 3 2383 — 2483 13 
2087 — 2287 — 2387 7 2487 3 
2089 — 2289 3 2389 — 2489 19 
2091 3 2291 29 2391 3 2491 47 
2093 7 2293 — 2393 — 2493 3 
2097 3 2297 — 2397 3 2497 11 
2099 — 2299 Vi 2399 — 2499 3 


2501 


41 


2503 — 


2507 
2509 
2511 
2513 
2517 
2519 
2521 
2523 
2527 
2529 
2531 
2533 
2537 
2539 
2541 
2543 
2547 
2549 
2551 
2553 
2557 
2559 
2561 
2563 
2567 
2569 
2571 
2573 
2577 
2579 
2581 
2583 
2587 
2589 
2591 
2593 
2597 
2599 
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3 
13 
11 
17 
7 
3 
31 


2691 
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2607 
2609 
2611 
2613 
2617 
2619 
2621 
2623 
2627 
2629 
2631 
2633 
2637 
2639 
2641 


| 2643 


2647 
2649 
2651 
2653 
2657 
2659 
2661 
2663 
2667 
2669 
2671 
2673 
2677 
2679 
2681 
2683 
2687 
2689 
2691 
2693 
2697 
2699 


TABLE 2 (cont'd) 


2701 
2703 
2707 
2709 
2711 
2713 
2717 
2719 
2721 
2723 
2727 
2729 
2731 
2733 
2737 
2739 
2741 
2743 
2747 
2749 
2751 
2753 
2757 
2759 
2761 
2763 
2767 
2769 
2771 
2773 
2777 
2779 
2781 
2783 
2787 
2789 
2791 
2793 
2797 
2799 
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2801 
2803 
2807 
2809 
2811 
2813 
2817 
2819 
2821 
2823 
2827 
2829 
2831 
2833 
2837 
2839 
2841 
2843 
2847 
2849 
2851 
2853 
2857 
2859 
2861 
2863 
2867 
2869 
2871 
2873 
2877 
2879 
2881 
2883 
2887 
2889 
2891 
2893 
2897 
2899 
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2901 
2903 
2907 
2909 
2911 
2913 
2917 
2919 
2921 
2923 
2927 
2929 
2931 
2933 
2937 
2939 
294) 
2943 
2947 
2949 
2951 
2953 
2957 
2959 
2961 
2963 
2967 
2969 
2971 
2973 
2977 
2979 
2981 
2983 
2987 
2989 
2991 
2993 
2997 
2999 
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400 


3001 
3003 
3007 
3009 
3011 
3013 
3017 
3019 
3021 
3023 
3027 
3029 
3031 
3033 
3037 
3039 
3041 
3043 
3047 
3049 
3051 
3053 
3057 
3059 
3061 
3063 
3067 
3069 
3071 
3073 
3077 
3079 
3081 
3083 
3087 
3089 
3091 
3093 
3097 
3099 
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3101 
3103 
3107 
3109 
3111 
3113 
3117 
3119 
3121 
3123 
3127 
3129 
3131 
3133 
3137 
3139 
3141 
3143 
3147 
3149 
3151 


| 3153 


3157 
3159 
3161 
3163 
3167 
3169 
3171 
3173 
3177 
3179 
3181 
3183 
3187 
3189 
3191 
3193 
3197 
3199 
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TABLE 2 (cont'd) 


3201 
3203 
3207 
3209 
3211 
3213 
3217 
3219 
3221 
3223 
3227 
3229 
3231 
3233 
3237 
3239 
3241 
3243 
3247 
3249 
3251 
3253 
3257 
3259 
3261 
3263 
3267 
3269 
3271 
3273 
3277 
3279 
3281 
3283 
3287 
3289 
3291 
3293 
3297 
3299 
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3301 
3303 
3307 
3309 
3311 
3313 
3317 
3319 
3321 
3323 
3327 
3329 
3331 
3333 
3337 
3339 
3341 
3343 
3347 
3349 
3351 
3353 
3357 
3359 
3361 
3363 
3367 
3369 
3371 
3373 
3377 
3379 
3381 
3383 
3387 
3389 
3391 
3393 
3397 
3399 
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3401 
3403 
3407 
3409 
3411 
3413 
3417 
3419 
3421 
3423 
3427 
3429 
3431 
3433 
3437 
3439 
3441 
3443 
3447 
3449 
3451 
3453 
3457 
3459 
3461 
3463 
3467 
3469 
3471 
3473 
3477 
3479 
3481 
3483 
3487 
3489 
3491 
3493 
3497 
3499 


3561 
3503 
3507 
3509 
3511 
3513 
3517 
3519 
3521 
3523 
3527 
3529 
3531 
3533 
3537 
3539 
3541 
3543 
3547 
3549 
3551 
3553 
3557 
3559 
3561 
3563 
3567 
3569 
3571 
3573 
3577 
3579 
3581 
3583 
3587 
3589 
3591 
3593 
3597 
3599 
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3601 
3603 
3607 
3609 
3611 
3613 
3617 
3619 
3621 
3623 
3627 
3629 
363) 
3633 
3637 
3639 
3641 
3643 
3647 
3649 
3651 
3653 
3657 
3659 
3661 
3663 
3667 
3669 
3671 
3673 
3677 
3679 
3681 
3683 
3687 
3689 
3691 
3693 
3697 
3699 


eleweda| bia) ws 


— 
<2) 


| w | 


j we ke tesa | wee te Ee | Sw 


TABLE 2 (cont'd) 


3817 
3819 
3821 
3823 
3827 
3829 
3831 
3833 
3837 
3839 
3841 
3843 
3847 
3849 
3851 
3853 
3857 
3859 
3861 
3863 
3867 
3869 
3871 
3873 
3877 
3879 
3881 
3883 
3887 
3889 
3891 
3893 
3897 
3899 


3901 
3903 


| 3907 


3909 
3911 
3913 
3917 
3919 
3921 
3923 
3927 
3929 
3931 
3933 
3937 
3939 
3941 
3943 
3947 
3949 
3951 
3953 
3957 
3959 
3961 
3963 
3967 
3969 
3971 
3973 
3977 
3979 
3981 
3983 
3987 
3989 
3991 
3993 
3997 
3999 
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401 


402 


4001 
4003 
4007 
4009 
4011 
4013 
4017 
4019 
4021 
4023 
4027 
4029 
4031 
4033 
4037 
4039 
4041 
4043 
4047 
4049 
4051 
4053 
4057 
4059 
4061 
4063 
4067 
4069 
4071 
4073 
4077 
4079 
4081 
4083 
4087 
4089 
4091 
4093 
4097 
4099 
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4101 
4103 
4107 
4109 
4111 
4113 
4117 
4119 
4121 
4123 
4127 
4129 
4131 
4133 
4137 
4139 
4141 
4143 
4147 
4149 
4151 
4153 
4157 
4159 
4161 
4163 
4167 
4169 
4171 
4173 
4177 
4179 
4181 
4183 
4187 
4189 
4191 
4193 
4197 
4199 


TABLE 2 (cont'd) 


4201 
4203 
4207 
4209 
4211 
4213 
4217 
4219 
4221 
4223 
4227 
4229 
4231 
4233 
4237 
4239 
4241 
4243 
4247 
4249 
4251 
4253 
4257 
4259 
4261 
4263 
4267 
4269 
4271 
4273 
4277 
4279 
4281 
4283 
4287 
4289 
4291 
4293 
4297 
4299 
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4301 
4303 
4307 
4309 
4311 
4313 
4317 
4319 
4321 
4323 
4327 
4329 
4331 
4333 
4337 
4339 
4341 
4343 
4347 
4349 
4351 
4353 
4357 
4359 
4361 
4363 
4367 
4369 
4371 
4373 
4377 
4379 
4381 
4383 
4387 
4389 
4391 
4393 
4397 
4399 


4501 
4503 
4507 
4509 
4511 
4513 
4517 
4519 
4521 
4523 
4527 
4529 
4531 
4533 
4537 
4539 
4541 
4543 
4547 
4549 
4551 
4553 
4557 
4559 
4561 
4563 
4507 
4509 
4571 
4573 
4577 
4579 
4581 
4583 
4587 
4589 
4591 
4593 
4597 
4599 
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4601 
4603 
4607 
4609 
4611 
4613 
4617 
4619 
4621 
4623 
4627 
4629 
4631 
4633 
4637 
4639 
4641 
4643 
4647 
4649 
4651 
4653 
4657 
4659 
4661 
4663 
4667 
4669 
4671 
4673 
4677 
4679 
4681 
4683 
4687 
4689 
4691 
4693 
4697 


4699 


TABLE 2 (cont'd) 
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4901 13 
4903, — 
4907 7 
4909 
4911 3 
4913 17 
4917 3 
4919 — 
4921 7 
4923 3 
4927 13 
4929 
4931 — 
4933, — 
4937 — 
4939 11 
4941 3 
4943 — 
4947 3 
4949 7 
4951 — 
3 
3 


| 4953 

4957 

| 4959 

4961 Il 
4963 7 
4967 — 
4969 — 
4971 3 
4973 
4977 
4979 
4981 
4983 
4987 — 
4989 3 
4991 7 
4993 — 
| 4997 19 


4999 — 
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404 TABLES 


The prime numbers between 5000 and 10,000. 


5003 
5009 
5011 
5021 
5023 


5039 
5051 
5059 
5077 
5081 


5087 
5099 
5101 
5107 
5113 


5119 
5147 
“$153 
5167 
5171 


5179 
5189 
5197 
5209 
5227 


§231 
5233 
5237 
5261 
5273 


5279 
5281 
5297 
5303 
5309 


5323 
5333 
5347 
5351 
5381 


5387 
5393 
5399 
5407 
5413 


5417 
5419 
5431 
5437 
5441 


5443 
5449 
5471 
5477 
5479 


5483 
5501 
5503 
5507 
5519 


5521 
5527 
5531 
5557 
5563 


5569 
5573 
5581 
5591 
5623 


5639 
5641 
5647 
5651 
5653 


5657 
5659 
5669 
5683 
5689 


TABLE 3 


5693 
5701 
5711 
5717 
5737 


5741 
5743 
5749 
5779 
5783 


5791 
5801 
5807 
5813 
5821 


5827 
5839 
5843 
5849 
5851 


5857 
5861 
5867 
5869 
5879 


5881 
5891 
5903 
5923 
5927 


5939 
5953 
5981 
5987 
6007 


6011 
6029 
6037 
6043 
6047 


6053 
6067 
6073 
6079 
6089 


6091 
6101 
113 
$121 
6131 


6133 
6143 
#151 
163 
6173 


197 
6199 
6203 
@211 
6217 


6221 
6229 
6247 
6257 
6263 


6269 
271 
6277 
6287 
6299 


6301 
6311 
6317 
6323 
6329 


6337 
6343 
6353 
6359 
6361 


6367 
6373 
6379 
6389 
6397 


6421 
6427 
6449 
6451 
6469 


6473 
6481 
6491 
6521 
€529 


6547 
6551 
6553 
6563 
6569 


6571 
6577 
6581 
6599 
6607 


6619 
6637 
6653 
6659 
6661 


6673 
6679 
6689 
6691 
6701 


6703 
6709 
6719 
6733 
6737 


6761 
6763 
6779 
781 
6791 


6793 
6803 
€823 
6827 
6829 


6833 
6841 
6857 
6863 
6869 


6871 
6883 
6899 
6907 
6911 


6917 
6947 
6949 
6959 
6961 


6967 
6971 
6977 
6983 
6991 


6997 
7001 
7013 
7019 
7027 


7039 
7043 
7057 
7069 
7079 


7103 
7109 
7121 
7127 
7129 


7151 
7159 
7177 
7187 
7193 


7207 
7211 
7213 
7219 
7229 


7237 
7243 
7247 
7253 
7283 


7297 
7307 
7309 
7321 
7331 


7333 
7349 
7351 
7369 
7393 


7411 
7417 
7433 
7451 
7457 


7459 
7477 
7481 
7487 
7489 
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TABLE 3 (cont'd) 
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TABLE 4 


The number of primes and the number of pairs of twin primes in the indicated intervals. 


Number of 
Number of pairs of 
Interval primes twin primes 


1-100 
101-200 
201-300 
301-400 
401-500 


501-600 
601-700 
701-800 
801-900 
901-1000 


2501-2600 
2601-2700 
2701-2800 
2801-2900 
2901-3000 
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10001-10100 
10101-10200 
10201-10300 
10301-10400 
10401-10500 


29501-29600 
29601-29700 
29701-29800 
29801-29900 
29901-30000 


100001-—100100 
100101-100200 
100201-100300 
100301-100400 
100401-~-100500 


299501-299600 
299601~-299700 
299701-299800 
299801-299900 
299901-300000 


NN | — 


SCONOHO OF KF ee 


ooo = 


0 
7 
6 
9 
8 
9 
8 
7 
8 
8 
6 
9 
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TABLE 5 


The values of t(n), a(n), o(n), and p(n), where] <n = 100. 


pf ve | ccm | oem 
41 42 40 


oaorHyaw”n f.wWwn =| 
_ 


_ 
NDAWAAN FOR BDRAN HNN = = 


-_ 


_ 


— 
SCNHNWOHKADHANNN DWH AN DHA ARN NN DH DWH DNA HKAWON BRA QAN ON 


1 
2 
2 
3 
2 
4 
2 
4 
3 
4 
2 
6 
2 
4 
4 
5 
2 
6 
2 
6 
4 
4 
2 
8 
3 
4 
4 
6 
2 
8 
2 
6 
4 
4 
4 
9 
2 
4 
4 
8 


| 
Corr KX CO = =— = OC 


— 
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TABLE 5 (cont'd) 


n 

81 5 4 72 1 
82 4 6 44 0 
83 2 aaa | 4 60 1 
84 12 0 4 46 1 
85 4 1 4 Pe 1 
86 4 I 12 32 0 
87 4 1 2 96 =A] 
88 8 0 6 42 0 
89 2 ar | 6 60 0 
90 12 0 9 40 0 
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TABLE 6 

Known Mersenne primes. 

Mersenne number Number of digits Date of discovery 
| 22 _ |] l unknown 
ps oe 1 unknown 
3 os | a unknown 
4 | 3 unknown 
5 ¢2_{ 4 1456 
6 of 6 1588 
7 7 =] 6 1588 
8 gl] 10 1772 
9 | 19 1883 

10 ——a 27 1911 

1] gy | 33 1914 

ga 9 -j 39 1876 

ce sa | 157 1952 

i4 ofr | 183 1952 

is Bey 386 1952 

ef Fey 664 1952 

17 qaeel _ | 687 1952 

a 969 1957 

s | 1281 196] 

20 mw 1332 196] 

21 ae! _ | 2917 1963 

a 6 4 2993 1963 

23 QuAs — ] 3376 1963 

a 86g lO | 6002 1971 

yy eta _ | 6533 1978 

26 =. 223209 _ | 6987 1978 

5 a eee | 13395 1978 

ne ae ee | 25962 1983 

29 SS | 33265 1989 

30.0 2132049 _ | 39751 1983 

31 es | 65050 1985 

io 227832 1992 

33 859433 _ | 258716 1994 

740 RT __ | 378632 1996 

35 fae _ | 420921 1996 

46 NORA __ | 895932 1996 

37 QE — | 909526 1998 

38 26972993 _ | 2098960 1999 

39 geet — | 4059346 2001 

40 220996011 _ |} 6320430 2003 

4] PAGS? _ | 7235733 2004 

42 925964951 _ | 7816230 2005 

43 g8040e4s7 _ | 9152052 2005 

44 932582657 _ | 9808358 2006 

45 glia? —_ | 12978189 2008 

46 grisea? _ | 11185272 2008 

43 9 -OR _ j 12837064 2009 


ANSWERS TO SELECTED PROBLEMS 


SECTION 1.1 


5. (a) 4,5, and 7. 
(b) (3-2)! A 3!12!, (42)! 4 3!4+2!. 


SECTION 2.1 


5. (a) t = 21 and ts = 15. 
6. (b) 1? = hh, C= lg, 2042 = loge. 
9. (b) Two examples are tg = t3 +5, tio = ta + fo. 


SECTION 2.4 


1. 1,9, and 17. 
BAe) 4 S4, YS 8, 
(bo =65- Sh 
(od he At es 
(d) x =39, y = —29. 
8. 32,461, 22,338, and 23,664. 
12,.x=171, y=-114, z=-2. 


SECTION 2.5 


2. (a).2-=20-+9t, yea = 71: 
(b) x = 184231, y=-—3-4t. 
() 4= 116 +351, y= —1111— 2210. 
Sanwa), “y= 6: 
(6) S27 oy SH 3s: C=O. = ye 20: KN, = 2 
(c) No solutions 
(d) x =17—S7t, y=47—158t, wheret <0. 
5. (a) The fewest coins are 3 dimes and 17 quarters, whereas 43 dimes and 1 quarter give 
the largest number. It is possible to have 13 dimes and 13 quarters. 


410 
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(b) There may be 40 adults and 24 children, or 45 adults and 12 children, or 50 adults. 
(c) Six 6’s and ten 9’s. 

6. There may be 5 calves, 41 lambs, and 54 piglets; or 10 calves, 22 lambs, and 68 piglets; 
or 15 calves, 3 lambs, and 82 piglets. 

7. $10.21 

8. (b) 28 pieces per pile is one answer. 
(d) One answer is 1 man, 5 women, and 14 children. 
(e) 56 and 44. 


SECTION 3.1 


2. 25 is a counterexample. 
7. All primes < 47. 
11. (a) One example: 2!° — 1 is prime. 


SECTION 3.2 


11. Two solutions are 59 — 53 = 53 —47, 157 — 151 = 163 — 157. 
14. Rio = 11-41 - 271 - 9091. 


SECTION 3.3 


3. 2 and 5 

11. h(22) = 23 - 67. 

14. 71, 13859 

16. 37 = —-14+24+34+547411-134+17-19+4+ 23 —29+4 31, 
31=-14+2-3+4+5-7-114+134+17- 19 —23 + 2029). 

19. 81=34+5473, 125=5+4+13+4107. 

28. (b) n= 1. 


SECTION 4.2 


4. (a) 4and 6 
(b) 0 


SECTION 4.3 


1. 14147 = 658 (mod 1537) 
1993 = 406 (mod 503) 

3. 89 

6. (a) 9 
(b) 4 
(c) 5 
(d) 9 

9. 7 

Leas, 8: 

12. 143. 

Bn = 13. 
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21. Re =3-7-11-13-37. 

236: X= 35. SZ: 

24x Ss. SU. eG: 

26. (a) Check digits are 7; 5. 
(b) ag = 9. 

27. (b) Incorrect 


SECTION 4.4 


1. (a) x = 18 (mod 29). 
(b) x = 16 (mod 26). 
(c) x = 6, 13, and 20 (mod 21). 
(d) No solutions 
(e) x = 45, and 94 (mod 98). 
(f) x = 16, 59, 102, 145, 188, 231, and 274 (mod 301). 
2. (a) x=154+5lt, y=-1-4¢. 
(b) x =134+25t, y=7-12t. 
(c) x= 144537, y=1+5t. 
3. x =11+2t(mod 13), y =5+ 6t (mod 13). 
4. (a) x = 52 (mod 105). 
(b) x = 4944 (mod 9889). 
(c) x = 785 (mod 1122). 
(d) x = 653 (mod 770). 
5. x = 99 (mod 210). 
6. 62 
7. (a) 548, 549, 550 
(b) 57|350, 37|351, 24|352 
8. 119 
9. 301 
10. 3930 
14. 838 
15. (a) 17 
(b) 59 
(c) 1103 
16. n = 1,7, 13 (mod 15). 
17. x=7, y =9 (mod 13). 
18. x = 59, 164 (mod 210). 
19. x=7,y=0;x% =3,y=1;x =7, 
XE), 9H 4) 4H 3, VHS Oe 
20. (a) x = 4 (mod 7), y = 3 (mod 7). 
(b) x =9 (mod 11), y = 3 (mod 11). 
(c) x = 7 (mod 20), y = 2 (mod 20). 


SECTION 5.2 


6. (a) 1 
9. (b) x = 16(mod 31), x =10(mod11), x = 25 (mod 29). 


SECTION 5.3 


§.°5;,..13 
12, 2 6, 31 


SECTION 5.4 


1. (b) 127-83 
(c) 691-29-17 

3. 89-23 

4.29-17, 32.52.13? 

5. (a) 2911 = 71-41. 
(b) 4573 = 17 - 269. 
(c) 6923 = 23 - 301. 

6. (a) 13561 = 71-191 

7. (a) 4537 = 13-349. 
(b) 14429 = 47 . 307. 

8. 20437 = 107-191. 


SECTION 6.1 


2. 6; 6,300,402 
12. (a) p? and p’g; 48 =2'-3. 


SECTION 6.3 


3. 249, 330 

5. (b) 150, 151, 152, 153, 154 
8. (b) 36, 396 

9. 405 


SECTION 6.4 


1. (a) 54 
(b) 84 
(c) 115 

3. (a) Thursday 
(b) Wednesday 
(c) Monday 
(d) Thursday 
(e) Tuesday 
(f) Tuesday 

5. (a) 1, 8, 15, 22, 29 
(b) August 

6. 2009 


SECTION 7.2 


1152, 9600 
16 when n = 17, 32, 34, 40, 48, and 60. 


1. 720, 
18. d(n) = 


ANSWERS TO SELECTED PROBLEMS 


b(n) = 24 when n = 35, 39, 45, 52, 56, 70, 72, 78, 84, and 90. 
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SECTION 7.3 


Lack 
8. (b) x = 19 (mod 26), x = 34(mod 40), x =7 (mod 49). 


SECTION 7.4 
10. (b) 29348, 29349, 29350, 29351 


SECTION 8.1 


1:58, 16, 16 
(b) 18, 18,9 
(cr dl 22 
8. (c) 2!7—1isprime; 233|27? —1. 
11. (a) 3,7 
(b) 3,5, 6, 7, 10, 11, 12, 14 
12. (b) 41, 239 


SECTION 8.2 


2. 1,4,11,14; 8, 18,47,57; 8, 14, 19, 25 

39 “Ga = 
2 > B= 7 NOS 2 1S ee ae HO: 
Se So MOSS ASS ea 15 SS a Ss: 
20 = 5, BPS 5). 


4. (a) 7,37 
(b) 9, 10, 13, 14, 15, 17, 23, 24, 25, 31, 38, 40 
5.11, 50 
SECTION 8.3 
Peay FAT ls, 19s 725358, 12 1S hie 22.25 
(b)i2;.55 
2, 5, 11, 14, 20, 23; 
2, 5, 11, 14, 20, 23, 29, 32, 38, 41, 47, 50, 56, 59, 65, 68, 74, 77 
3 


4. (b) 
5.6, 7, 11, 12, 13, 15, 17, 19,22, 24, 26, 28, 29, 30, 34,35; 
7, 11, 13, 15, 17, 19, 29, 35, 47, 53, 63, 65, 67, 69, 71, 75 

11. (b) x = 34 (mod 40), x = 30 (mod 77). 


SECTION 8.4 


1. indg5 =9, indg 5=9, ind75 =3, indj, 5 =3. 
2. (a) x = 7(mod 11). 

(b) x = 5, 6 (mod 11). 

(c) No solutions. 


19:= 5'°, 
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3. (a) x = 6, 7, 10, 11 (mod 17). 
(b) x = 5 (mod 17). 
(c) x = 3,5, 6, 7, 10, 11, 12, 14 (mod 17). 
(d) x = 1 (mod 16). 

4. 14 

8. (a) In each case, a = 2,5, 6. 

(b) 12545. 153,455.95. 21,359 

12. Only the first congruence has a solution. 

16. (b) x = 3,7, 11,15 (mod 16); x = 8, 17 (mod 18). 

17. b = 1,3, 9 (mod 13). 


SECTION 9.1 


1. (a) x =6,9 (mod 11). 
(b) x = 4, 6 (mod 13). 
(c) x = 9, 22 (mod 23). 
8. (b) 11 (mod 17); x = 17, 24 (mod 41) 
4, 5,6, 7,9, 11, 16, 17 
,4, 5, 6, 7,9, 13, 16, 20, 22, 23, 24, 25, 28; 
2, 4, 5,7, 8, 9, 10, 14, 16, 18, 19, 20, 25, 28 


? 


SECTION 9.2 


1. (a) —1 
(b) 1 
(c) 1 
(d) —1 
(e) 1 

2. (a) (-1)° 
(b) (-1)° 
(c) (-1)* 
(d) (-1y 
(e) (-1)” 


SECTION 9.3 


1. (a) 1 
(b) —1 
(c) -1 
(d) 1 
(e) 1 
3. (a) Solvable 
(b) Not solvable 
(c) Solvable 
6. p =2o0r p=1(mod4);_ p =2o0r p = 1 or3 (mod 8); 
p =2, p =3 or p = 1 (mod 6). 


8. 73 
14. x = 9, 16, 19, 26 (mod 35). 
16. —1,>-—1, 


20. Not solvable 


415 


416 


SECTION 9.4 


1. (b) x 
2. (a) x 
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57, 68 (mod 5°). 
13, 14 (mod 33). 


(b) x = 42, 83 (mod 5’). 

(c) x = 108, 235 (mod 7°). 
3. x = 5008, 9633 (mod 114). 
4. x = 122, 123 (mod 53); x = 11, 15 (mod 3). 
6. x = 41, 87, 105 (mod 27). 


, 7, 9, 15 (mod 2°). 


7. (a) Whena=1, x=1,7 
Whena =9, x =3,5, 11, 13 (mod 2+). 

(b) Whena =1, x = 1,15, 17,31 (mod 2°). 
Whena =9, x = 3,13, 19,29 (mod 2°). 
Whena = 17, x =7, 9, 23, 25 (mod 2°). 
When a = 25, x =5, 11,21, 27 (mod 2°). 

(c) Whena=1, x =1, 31,33, 63 (mod 2°). 
When a =9, x = 3,29, 35, 61 (mod 2°). 
When a = 17, x = 9, 23,41, 55 (mod 2°). 
When a = 25, x =5, 27, 37, 59 (mod 2°). 
When a = 33, x = 15, 17, 47, 49 (mod 2°). 
Whena =41, x = 13, 19, 45,51 (mod 2°). 
Whena = 49, x =7, 25, 39, 57 (mod 2°). 
When a = 57, x = 11, 21, 43, 53 (mod 2°). 

9. (a) 4, 8 


(b) x = 3, 147, 153, 297, 303, 447, 453, 597 (mod 2? - 3 - 52). 
10. (b) x = 51, 70 (mod 117). 


SECTION 10.1 


4. (a) C =3P + 4 (mod 26). 
(b) GIVE THEM UP. 
5. (a) TAOL M NBJQ TKPB. 
(b) DO NOT SHOOT FIRST. 
6. (b) KEEP THIS SECRET 
7. (a) UYJB FHSIHLQA. 
(b) RIGHT CHOICEX. 
8. (a) C) = P; + 2P> (mod 26), 
(b) HEAR THE BELLS. 
9. HS TZM 
10. FRIDAY 
11. 1747, 157 
12. 253 
13. 2014 1231 1263 0508 1106 1541 
14. REPLY NOW 
15. SELL SHORT 


C, =3P, + 5P, (mod 26). 


1331 


SECTION 10.2 


1. x2 =X4 =X = 1, 
x3=xX4 = x5 = 1, 


xX, =x3=x%5=0. 
X) =X. =x — 0. 
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KS =a SS ae = x3 = x6 = 0. 
tS 47S 93 =e a a SS as = 

2. (a) and (c) are superincreasing. 

3. (a) XH XQ = XZ = X= 1, X4 = X5 = 0. 
(by Ax Saran a). XS X= 0 
(c) 33 =X =X = 1, xy = XQ = x5 =0. 


D3, 4. 10,. 21 
6. CIPHER. 
7. (a) 14, 21, 49, 31, 9 


(b) 45 49 79 40 70 101 79 49 35 


SECTION 10.3 


1. (ay 43:35) 43,11) 43,06) (43, 42) (43, 19) 
7 (4B, 11). (43,15). (43,20) (43000) (43,19) 
2. BEST WISHES 
3. (23,20) (23,01) (12,17) (12,35) (13,16) (13, 04) 
(1424, 2189) (1424,127) (1424, 2042) 
” (1424, 2002) (1424,669) (1424, 469) 


SECTION 11.2 


1. o(n) = 2160(2"! — 1) 4 2048(2!! — 1). 
8. 56 
11. p*, pq 
14. (b) There are none. 
16. No. 


SECTION 11.3 
3. 233 | Moo. 


SECTION 11.4 


3 4b\ 3.27 5: 
7. 284.1 = (22? — 2)5 + 1)(2?9 + 25 + 1) = 5 - 107367629 - 536903681. 
9. (c) 83| 2" + 1 and 59| 27? + 1. 

10. n=315, p=71, andg =73. 

1153) 22 4: 


SECTION 12.1 


1. (a) (16, 12, 20), (16, 63,65), (16, 30, 34) 
(b) (40,9, 41), (40, 399, 401); (60, 11,61), (60, 91, 109), 
(60, 221, 229), (60, 899, 901) 
8. (12,5, 13), (8, 6, 10) 


417 


12. (a) (3,4,5), (20, 21,29), (119, 120, 169), (696, 697, 985), (4059, 4060, 5741) 


(b) (t6, t7,35), (tao, t41, 1189), (4238, f239, 40391) 
13. = 17, tg =6*, ta = 35%, togg = 2047, tog = 11897. 
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SECTION 13.2 


1.113 =77+82, 229=224152, 373 =7%+ 187. 
2. (a) 177 + 18* = 613, 474+5%=41, 574+6*=61, 924 107 = 181, 
12? + 13? = 313. 
5. (b) 3185 = 562 +7%, 39690 = 1892+ 637, 62920 = 242? + 667. 
6. 1105 = 5-13-17 = 97 + 32? = 122 + 31? = 23? 4 24?; 
Note that 325 = 52-13 = 124+ 18? = 6? 4+ 17? = 107 + 15?. 
14. 45 = 7 — 2? = 92 — & = 23? — 22?. 
18. 1729 = 134127 = 93 + 10°. 


SECTION 13.3 


2. (2870)? = (17 + 2? + 32 +.--- + 207) leads to 5742 = 4142 + 8? + 167 + 242 + 3224 
+++ 152%, which is one solution. 

6. One example is 509 = 12? + 13? 4 14?. 

7. 459 = 15? + 152 + 37. 
10. 61=5°7- 43, 127=77-6°. 
13. 231 = 157 +27417417, 391 = 157497497427, 2109 = 4474 127457427. 
17. 13 = 3? +4 =6—5?. 
18. (b) Whenn =12, 290 = 1324 117 = 1645743? = 1474+ 9% +374 2? 

= 15? + 67 + 4? + 37 + 22. 


SECTION 14.2 


7.2, 5, 144 

8. U1, U2, U3, U4, U6, U2 
11. 44, = 29 + ug, Uy2 = 6ug + (ug — Ug). 
12. 14, U2, U4, Ug, U9 


SECTION 14.3 


7.50 =ugtuz7+u9, T>=u3t+ustu7+ujo, 10O0=u,+u3+uU6 + U41, 
125 = u3 +uo + U4]. 
9. (3,4,5), (5, 12,13), (8, 15,17), (9, 80, 89), (105, 208, 233) 


SECTION 15.2 
1. (a) [—1;1, 1, 1, 2, 6] 


(by [35.35.1533 2] 
(3 i Be ee | 
(d) [0;2, 1, 1, 3,5, 3] 


2. (a) —710/457 
(b) 741/170 
(c) 321/460 

4. (a) [0;3, 1, 2, 2, 1] 
(b) [-1;2, 1, 7] 
(ce). (233, 1.2, 1) 2] 


N 
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- (a) 1, 3/2, 10/7, 33/23, 76/53, 109/76 


(ys On 5 18 104 88 
(c) 0, 1/2, 4/9, 5/11, 44/97, 93/205 


. (b) 225 =4-434+4-104+3-34+2-142. 
. (a) 1, 3/2, 7/5, 17/12, 41/29, 99/70, 239/169, 577/408, 1393/985 


(b) 1, 2, 5/3, 7/4, 19/11, 26/15, 71/41, 97/56, 265/153 

(c) 2, 9/4, 38/17, 161/72, 682/305, 2889/1292, 12238/5473, 51841/23184, 
219602/98209 

(d) 2, 5/2, 22/9, 49/20, 218/89, 485/198, 2158/881, 4801/1960, 21362/8721 

(e) 2, 3, 5/2, 8/3, 37/14, 45/17, 82/31, 127/48, 590/223 


eSNG stile. 13$ 9,85. b, 25,174) 
(hie = =8 4-51. a= = 19 


(b) x =584227t, y= —93 — 364. 
(c) x =48+5t, y= —168 — 18. 
(d) t-=—22 -Oit. Sol = 158r. 


SECTION 15.3 


- (a) 


34/15 
3 
—44 /37 
3 
5+ 4/10 
3 
1971 
10 
314 + /37 


(©) 333 
Sail 


(b) 
(c) 
(d) 


A 5S RT AALS 


ee | 


11. 


ees 62 


- (a) [254] 


(b) (231, 1, 1, 4] 
(c) [2:3] 

(d) [2;1, 3] 

(e) [1;3, 1, 2, 1, 4] 


>) (2h (le W21, Bre). (65121 
- 1677/433 

- (a) 1264/465 

- (a) 29/23 


(b) 267/212 
3, 22/7, 355/113 


SECTION 15.4 


5. 
6. 


The immediate successor of 5/8 in Fj; is 7/11. 


7 1 
IW3-Z<4 
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SECTION 15.5 


2A = S57 = 3. 
(b) x= 10, y=3. 
(Cas. yea. 
GH, y= 2. 
Gxr=—2> yea 

Slay 3 PS 2 Na TT, = Pa Te OSs 70: 
(by) See a eae Ea 6, pea tes. eH 

x-= 362, yy = 209. 

(oye 9) yeas x Sat6l, y= 72: 

4. 48, 1680 

§.. (a) x= 24, yas; x= 1151, y= 240: 
(b)2=51, yo le + =5201, - y= 1020: 
(Crea. Fe oH IO y= 164. 

6. (a) x = 9801, y = 1820. 
(b) x = 2049, y = 320. 
(c) x = 3699,  y = 430. 

a. (8) 4 = 18,. ves. 
(b) x= 70, y-="13; 
(CVA = 32.4 hy 5: 

12. x = 449, y=60; x= 13455, y=1798. 
13. (b) x = 254, y=96; x =4048, y= 1530. 

(rH 213- y= 36 aH 23k. oS 8. 


SECTION 16.2 


1. (a) 299 = 13 - 23. 
(b) 1003 = 17-59. 
(c) 8051 = 83 - 97. 

2. 4087 = 61 - 67. 

3. (a) 1711 = 29-59. 
(b) 4847 = 37-131. 
(c) 9943 = 61 - 163. 

4. (a) 1241 = 17-73. 

(b) 2173 = 41 - 53. 
(c) 949 = 13 - 73. 
(d) 7811 = 73 - 107. 

. 1189 = 29- 41. 

. (a) 8131 = 47 - 173. 

(b) 13199 = 67-197. 
(c) 17873 = 61 - 293. 


Nu 


SECTION 16.3 


2. (a) x = 13, 20, 57, 64 (mod 77). 
(b) x = 10, 67, 142, 199 (mod 209). 
(c) x = 14, 32, 37, 55 (mod 69). 
3. Alice wins if she chooses x = +73 (mod 713). 
4. Alice loses if she chooses x = +676 (mod 3713). 


y = 56; 


absolute pseudoprime numbers, 91-92, 93, 
367 

abundant numbers, 236 

Académie des Sciences, 61, 129, 131, 220, 
261-262 

Academy of Science at Gottingen, 255 

Adleman, Leonard (b. 1945), 205 

Agrawal, Manindra (b. 1966), 358 

Alcuin of York (c. 732-804), 38, 222 

Alembert, Jean Le Rond d’ (1717-1783), 63 

Alexandrian Museum, 14—15 

L’Algebra Opera (Bombelli), 307 

algebraic numbers, 254 

American Journal of Mathematics, 288 

American Mathematical Society, 
228, 355 

amicable numbers, 234—237 

amicable pairs, 234 

amicable triples, 237 

Anthoniszoon, Adriaen (1527-1617), 332 

Apéry, Roger (1916-1994), 377 

Arabic numerals, 284 

Archimedean property, 2 

Archimedean value of 7, 331 

Archimedes (c.287—212 B.C.), 331, 350 

area, of Pythagorean triangles, 250 
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Fermat numbers and, 241 
Fibonacci numbers and, 284, 288, 302 
Mersenne numbers and, 228, 231, 232 
primality test, 367-368 
Lucas-Lehmer test, 232 
Lucas numbers, 301 
Lucas sequence, 6, 301, 385 
Lucas’s converse of Fermat’s theorem, 
367-368 


wu function. See Mobius yw function 
Mahaviracarya (c. 850), 38 
Manasse, M. S., 242 
Mangoldt A-function, 116 
mathemata, in Pythagorean school, 13 
Mathematical Classic (Chang), 37 
mathematical induction 
basis for the induction, 4 
first principle of finite induction, 2, 5 
induction hypotheses, 4 
induction step, 4 
method of infinite descent, 252, 254, 258, 
2735339 
second principle of finite induction, 5-6 
McDaniel, Wayne, 233 
Measurement of a Circle (Archimedes), 331 
Mécanique Analytique (Lagrange), 262 
Les Mécaniques de Galilée (Mersenne), 
220 
mediant fractions, 335-336 
Meditationes Algebraicae (Waring), 93, 278 
Merkle-Hellman knapsack cryptosystem, 
211-214 
Merkle, Ralph (b. 1952), 211 
Mersenne, Marin (1588-1648) 
biographical information, 219-221 
Descartes correspondence, 235 
on factorization, 102 
Fermat correspondence, 97, 235, 238, 265 
illustration of, 221 
Mersenne numbers 
defined, 227 
primality tests, 227-228, 229, 231-232 
properties of, 230-231, 236 
search for larger numbers, 231-232 
table of, 409 
Mersenne primes, 227, 228, 231 
Mertens, Franz (1840-1927), 115 
Mertens’s conjecture, 115-116 
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method of infinite descent, 252, 254, 258, 
273, 339 
Mihailescu, Preda, 258 
Miller-Rabin primality test, 369-370, 371 
Mills, W. H. (b. 1921), 57 
Mobius inversion formula 
applications of, 115 
defined, 113-114 
Euler’s phi-function ¢(n) and, 144-145 
Mobius wp function 
basic properties, 112—113, 117 
defined, 112 
greatest integer function and, 122 
Mertens conjecture and, 115-116 
Mobius inversion formula and, 113-114 
table of, 407-408 
modular exponentiation cryptosystems, 
203-205, 209 
monoalphabetic cryptosystems, 198, 199, 
207-208 
Monte Carlo (p) factorization method, 
358-360 
Moore, Eliakim Hastings (1862-1932), 355 
Morain, Francois, 242 
Morehead, J. C., 240, 241 
Morrison, Michael A., 241, 361, 364 
multiples, defined, 20 
multiplicative functions 
basic properties, 107-108, 111, 112 
defined, 107 
Mobius inversion formula and, 115 
Mobius yp function as, 112 
t and o as, 108-110 
multiplicative inverse of a modulo n, 77 
multiplicatively perfect numbers, 226 
multiply perfect numbers, 226 
Museum of Alexandria, 14—15 


n!. See factorials 

National Bureau of Standards, 232 

natural numbers, defined, 1 

near-repunit numbers, 386 

“New Directions in Cryptography” (Diffie 
and Hellman), 205 

Newton’s identity, 10 

Nickel, Laura, 231 

Nicomachus of Gerasa (fl. 100), 15, 
79, 222 

nine, divisibility tests for, 71, 72 

Noll, Landon Curt (b. 1960), 231 


notation and symbols 


binomial coefficients, 8 
congruence, 63, 64 

continued fractions, 306—307, 310 
e, 328 

factorials, 5 

infinite continued fractions, 321, 322 
Legendre symbol (a/p), 175 

ww, 327 

If (d), 106-107 

uf (d), 104, 109-110 

use of, in Arithmetica, 32 


number mysticism, 14 
number of divisors t(n) 


basic properties, 103-107 

defined, 103 

Euler’s phi-function ¢(m) and, 135 

greatest integer function and, 120-121, 
122 

as multiplicative function, 108-110 

table of, 407-408 


number-theoretic functions, 103—127 


calendar applications, 122-127 

defined, 103 

greatest integer function, 117-122 

Mobius w function, 112-117, 122, 
407-408 

number of divisors t(n), 103-107, 
108-110, 120-121, 122, 135, 407-408 

See also Euler’s phi-function; 
multiplicative functions; sum of 
divisors 


numbers 


absolute pseudoprime, 91-92, 93, 367 

abundant, 236 

algebraic, 254 

amicable, 234—237 

Bernoulli, 377-378 

Blum, 373 

Carmichael, 91-92, 93, 367 

Catalan, 12 

composite, 39, 158-163, 305 

deficient, 236 

Euclidean, 46—47 

even (see even numbers) 

factorization into primes (see 
factorization into primes) 

Fermat (see Fermat numbers) 

Fibonacci (see Fibonacci numbers) 

highly composite, 305 


ideal, 254 

irrational (see irrational numbers) 

k-perfect, 226 

Lucas, 301 

Mersenne, 227-228, 229, 230-232, 236, 
409 

multiplicatively perfect, 226 

multiply perfect, 226 

natural, 1 

near-repunit, 386 

odd (see odd numbers) 

palindromes, 75 

Pell, 352 

pentagonal, 15 

perfect (see perfect numbers) 

primality tests for (see primality tests) 

prime (see prime numbers) 

pseudoprime, 90-92, 93, 243, 367 

rational, 307-311, 318, 329-331, 332, 
334-337 

relatively prime (see relatively prime 
numbers) 

representation of (see representation of 
numbers) 

Skewes, 381 

sociable chains of, 237 

square, 15, 16, 19, 25, 59 

square-free, 44, 91-92, 110, 242-243 

square-full, 44 

strong pseudoprime, 367 

superperfect, 227 

triangular, 15-16, 26, 59, 252, 257, 281 

numerals, Hindu-Arabic, 284 
numerators 
continued fractions, 311—312, 313, 314 
Legendre symbol, 175 


odd-numbered convergents, 317-318 
odd numbers 
defined, 18 
divisibility relations, 25 
Goldbach’s conjecture and, 52-53 
Legendre symbol and, 183-184 
perfect, 232-234 
Pythagorean views, 14 
table of prime factors of, 394-403 
odd primes 
as difference of two squares, 269-270 
Gauss’s lemma and, 180-181 
integers as sums of, 51-53, 58, 59 
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Legendre symbol and, 183-185 
primitive roots for, 160-162, 181-182 
properties of, 43, 92-93, 135, 
151-152 
as sum of four squares, 274-275 
theory of indices and, 167, 168 
Wilson’s theorem and, 95-96, 97 
Odlyzko, Andrew, 116 
One, as number, 14 
one-time cryptosystems, 202-203 
Ono, Ken, 305 
Opera Mathematica (Wallis), 340 
order of a modulo n, 147-150 


(pi) 
continued fraction representation, 320 
decimal expansion of, 357 
historical approximations of, 331-332 
infinite series representation, 306 
irrationality of, 329 

it(x) (prime counting function) 
approximations of, 378-380, 381-382 
of the form p = an + b, 53-54 
prime number theorem and, 375-377 

TI notation, 106—107 

p - 1 factorization method, 360-361 

palindromes, 75 

Parkin, Thomas, 279 

partial denominators, 307, 310 

partial quotients, 310 

partition theory, 304-305 

Pascal, Blaise (1623-1662) 
Fermat and, 86 
mathematical induction work, 10 
Mersenne and, 219, 220 

Pascal, Etienne (1588-1651), 220 

Pascal’s rule, 8—9 

Pascal’s triangle, 9 

Pell, John (1611-1685), 220, 340 

Pell numbers, 352 

Pell’s equation, 339-352 
algebraic formula for, 349-350 
continued fraction solutions, 340-347 
fundamental solution, 347-349 
history of, 339-340, 350 
positive solutions, 340, 343, 346-350 
successive substitution solutions, 348 

pentagonal numbers, 15 

Pepin, Théophile (1826-1904), 239 

Pepin’s test, 239-240, 241 
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perfect numbers 
defined, 221 
final digits of, 222, 225 
general form of, 222—223 
multiplicatively perfect, 226 
multiply perfect, 226 
odd, 232-234 
properties of, 223-227 
search for larger numbers, 228, 231-232 
superperfect, 227 
period (continued fraction expansions), 322, 
342-343 
periodic continued fractions, 322, 334, 
342-347, 345-346 
Peter the Great (1672-1725), 130 
Pfaff, Johann Friedrich (1765-1825), 63 
Philosophical Magazine, 334 
philosophy, early number theory and, 14 
Piazzi, Giuseppi (1746-1826), 63 
pigeonhole principle, 264 
pirate problem, 83 
place-value notation systems, 69-71 
plaintext, defined, 197 
Plutarch (c. 46-120), 15 
Pocklington, Henry (1870-1952), 368 
Pocklington’s theorem, 368-369, 371 
Poe, Edgar Allan (1809-1849), 199 
Pohlig-Hellman cryptosystem, 203-205 
Polignac, Alphonse de (1817-1890), 59 
Pollard, John M., 241, 242, 358-361 
Pélya, George (1888-1985), 357 
Pélya’s conjecture, 357 
polyalphabetic cryptosystems, 198-201, 208 
polygons, construction of, 62-63, 238-239, 
243 
polynomial congruences, 71-72, 152-154 
polynomial time primality test, 358 
polynomials, prime-producing, 56-57 
positive integers, defined, 1 
powerful numbers, 44 
powers of numbers 
odd primes, primitive roots for, 160-162 
order of a modulo n and, 149-150 
Powers, R. E., 231 
primality tests 
computers and, 358 
efficient algorithms for, 358 
for Fermat numbers, 228, 239-240, 241 
Fermat’s little theorem methods, 89, 
366-369 


for Mersenne numbers, 227-228, 229, 
231-232 
Miller-Rabin test, 369-370, 371 
Pepin’s test, 239-240, 241 
Pocklington’s theorem method, 368-369, 
371 
Wilson’s theorem method, 95 
prime factorization. See factorization into 
primes 
prime number theorem 
arithmetical proof of, 356, 383 
complex proofs of, 380-382 
defined, 375 
length of interval of primes and, 
381-382 
prime counting function and, 375-377, 
381-383 
zeta function and, 377-378, 380-381 
prime numbers, 39-60 
arithmetic progressions of, 54-55, 59 
Bertrand’s conjecture, 48-49 
consecutive, 50-51, 55-56 
defined, 39 
Fermat, 237 
Fibonacci numbers as, 287, 290-291 
of the form 2* — 1, 223-224 
of the form 3n + 1, 54 
of the form 4n + 1, 53-54, 155-156, 
177-178, 265-267 
of the form 4n + 3, 53-54, 264, 267-268 
of the form 8k + 1, 181 
of the form n? + 1, 57-58 
of the form p* + 1, 46 
fundamental theorem of arithmetic, 
39-42 
Germain, 182 
Goldbach’s conjecture, 51-53, 58, 111 
intervals between, 50-51 
irregular, 254 
Mersenne, 227, 228, 231 
near-repunit, 386 
prime-producing functions, 56-57 
primitive roots of, 150, 154-158, 182 
regular, 254 
repunit, 49, 50, 370, 386 
sieve of Eratosthenes and, 44-46, 49 
as sum of four squares, 275-277 
tables of, 404—405 
three-primes problem, 355 
twin, 50, 58, 59 


Wieferich, 258 


See also infinitude of primes; odd primes 


prime-producing functions, 56-57 
primers (autokey cryptosystems), 200 
primitive Pythagorean triples, 246-250, 
251-252 
primitive roots 
for composite numbers, 158-163 
defined, 150 
ElGamal cryptosystem and, 214-218 
Legendre symbol and, 181-182 
number of, 151 
for powers of odd primes, 160-162 
for prime numbers, 154-158, 162 
properties of, 151-152 
tables of, 156, 393 
probabilistic primality test, 370 
Probationers (Pythagorean school), 14 
proofs, using mathematical induction, 2-6 
Proth, E., 371 
pseudoprime numbers 
absolute, 91-92, 93, 367 
defined, 90 
Fermat numbers as, 243 
properties of, 90-92, 93 
with respect to base a, 91, 367 
strong, 371 
public-key cryptosystems 
ElGamal system, 214-218 
Merkle-Hellman knapsack system, 
211-214 
origin of, 205 
RSA system, 205-207 
puzzle problems 
cattle problem, 350 
Chinese remainder theorem and, 79-81 
Diophantine equations, 36—37, 38 
hundred fowls problem, 37 
Pythagoras (c. 585-501 B.C.) 
amicable pair discovery, 236 
early number theory, 13-14 
on irrational numbers, 42-43 
Pythagorean triangle formula, 246 
on triangular numbers, 15 
Pythagorean triangles, 246, 250, 257, 259, 
260 
Pythagorean triples, 246-250, 251-252 
Pythagoreans 
amicable numbers and, 235 
history of, 14 
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number classification, 42 
on perfect numbers, 221 


quadratic congruences 
in Blum’s coin flipping game, 
371-373 
with composite moduli, 189-190, 
192-196 
defined, 95 
indices for solving, 164-165 
primitive roots, 155-156 
quadratic reciprocity law and, 169, 
189-190 
simplification of, 169-171 
solvability criteria, 170, 174, 177, 192, 
194-195 
Wilson’s theorem and, 95—96, 97 
quadratic nonresidues 
defined, 171 
Euler’s criterion and, 171-174, 180 
Legendre symbol and, 178-179 
quadratic reciprocity law 
applications of, 187-192 
defined, 186 
Gauss’s lemma and, 179 
generalized, 192 
history of, 169, 185-186 
quadratic residues 
defined, 171 
Euler’s criterion, 171-174 
Gauss’s lemma and, 180-181 
Legendre symbol and, 178-179 
sum of four squares problem and, 275 
quadratic sieve factoring algorithm, 
364-366 
quadrivium, 13 
quotients, 17, 310 


p factorization method, 358-360 
rabbit problem, 285 
radius of circles inscribed in Pythagorean 
triangles, 250 
Ramanujan, Srinivasa Aaiyangar 
(1887-1920) 
biographical information, 303-306 
continued fractions, 320 
illustration of, 304 
on the number 1729, 272 
universal quadratics, 277 
rapid primality tests, 358 
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rational numbers 
Farey fraction approximations of, 
334-337 
as finite continued fractions, 307-311, 
318 
as irrational numbers approximation, 
329-331, 332 
“Recherches d’ Analyse Indéterminée” 
(Legendre), 175 
rectangle/square geometric deception, 
293-294 
recursive sequences, 286 
reduced set of residues modulo n, 141, 168 
Regiomontanus (Johann Miller) 
(1436-1476), 83, 85-86, 280 
Regius, Hudalrichus (fl. 1535), 224 
regular polygons, 62-63, 238-239 
regular primes, 254 
relatively prime numbers 
as coefficients in Diophantine equations, 
35-36, 38 
congruence solutions and, 77-78 
continued fraction numerators and 
denominators, 314 
defined, 22—23 
Fermat numbers as, 239 
Fibonacci numbers as, 286—288 
in Pythagorean triples, 237 
in triples vs. pairs, 31 
remainder(s) 
Chinese remainder theorem, 79-81 
congruences and, 64—65, 66, 67 
defined, 17 
Euclidean algorithm and, 26-29 
least absolute, 28 
remote coin flipping, 371-374 
representation of numbers, 261-281 
base b place-value notation, 69-70 
binary system, 70-71 
with continued fractions, 307-311 
decimal system, 71 
as difference of two squares, 269-270, 
271-272 
e, 328-329 
irrational numbers, 323-328, 329-331, 
a2. 
x, 306, 320, 327-328 
as sum of cubes, 272, 278 
as sum of fifth powers, 278 
as sum of four squares, 263, 273-278 


as sum of fourth powers, 278 
as sum of higher powers, 278-279, 280, 
281 
as sum of three squares, 272—273 
as sum of two squares, 264-269, 
270-271, 272 
Waring’s problem and, 278-279 
repunit primes, 49, 50, 370, 386 
rho () factorization method, 358-360 
Riemann, Georg (1826-1866), 380-381 
Riemann’s hypothesis, 52, 380-381 
Riemann’s explicit formula, 380 
Rivest, Ronald (b. 1947), 205 
RSA challenge numbers, 207, 364 
RSA cryptosystem, 205-207 
Rudolff, Christoff (c. 1500-1545), 38 
running key ciphers, 200 


o(n). See sum of divisors 
x notation, 104, 109-110 
St. Petersburg Academy, 130, 131 
Saxena, Nitin (b. 1981), 358 
Scientific American, 200, 207 
second principle of finite induction, 5-6 
seeds (autokey cryptosystems), 200 
Selberg, Atle (1917-2007), 356, 383 
Selfridge, John, 241 
set of residues modulo n 
complete, 64, 68 
reduced, 141, 168 
seven liberal arts, 13 
Shamir, Adi (b. 1952), 205, 213 
sieve of Eratosthenes, 44—46 
signatures for encrypted messages, 217-218 
simple finite continued fractions, 307 
See also finite continued fractions 
simple infinite continued fractions, 321, 322 
See also infinite continued fractions 
simultaneous linear congruences 
one variable, 78-81, 82, 83 
two variables, 81-82, 83, 84 
Skewes number, 381 
Skewes, Stanley (1899-1988), 381 
smallest positive primitive roots, 156, 393 
sociable chains, 237 
Sophia Dorothea (Queen Mother of 
Prussia), 130 
square-free numbers 
Euler’s phi-function @(n) and, 135 
Fermat numbers as, 242-243 


number of divisors t(n) and, 110 
properties of, 44 
pseudoprimes as, 91-92 
square-full numbers, 44 
square numbers 
divisibility relations, 19, 25 
final digits of, 102 
as mean of twin primes, 59 
properties of, 15, 16 
sum and number of divisors and, 110 
square/rectangle geometric deception, 
293-294 
square roots, continued fractions and, 307 
squares of numbers, division algorithm 
applications, 18, 19 
Standards Western Automatic Computer 
(SWAC), 232 
Steuerwald, R., 232 
story problems. See puzzle problems 
straightedge and compass constructions, 
62-63, 238-239, 243 
strong pseudoprime numbers, 371 
subset sum (knapsack) problems, 
209-211 
sum of cubes, 272, 278 
sum of divisors a(n) 
amicable numbers and, 234 
basic properties, 103-107, 111 
defined, 103 
Euler’s phi-function @(n) and, 135 
greatest integer function and, 120-121 
as multiplicative function, 108-110 
perfect numbers and, 221-222 
table of, 407-408 
sum of fifth powers, 278, 279 
sum of four squares, 263, 273-278 
sum of fourth powers, 278, 279 
sum of n nth powers, 279 
sum of three squares, 272-273 
sum of two squares, 270-271, 272 
Sun-Tsu (c. 250), 79, 80 
superincreasing sequences, 210 
superperfect numbers, 227 
SWAC (Standards Western Automatic 
Computer), 232 
Swiss Society of Natural Sciences, 131 
Sylvester, James Joseph (1814-1897), 58, 
234 
symbols. See notation and symbols 
Synopsis of Pure Mathematics (Carr), 303 
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systems of congruences. See simultaneous 
linear congruences 


t(n). See number of divisors 
Tchebycheff, Pafnuty L. (1821-1894), 48, 
53, 379 
te Riele, Herman, 116 
terminating zeros in factorials, 118, 121 
Thabit ibn Qurrah (c. 836-901), 235, 237 
Theon of Alexandria (4th cent. A.D.), 15 
Théorie des Fonctions Analytique 
(Lagrange), 262-263 
Théorie des Nombres (Legendre), 175, 361 
Théorie des Nombres (Lucas), 367 
theory of congruences. See congruences 
Theory of Numbers (Barlow), 231 
theory of partitions, 304-305 
three, as number, 14, 249-250 
three-primes problem, 355 
Thue, Alex (1863-1922), 264 
Thue’s lemma, 264—265 
Tijdeman, R., 258 
Torricelli, Evangelista (1608-1647), 220 
Traicté des Chiffres (Vigenére), 199 
Traité du Triangle Arithmétique (Pascal), 10 
triangles 
Pascal’s, 9 
Pythagorean, 246, 250, 257, 259, 260 
triangular numbers 
defined, 15 
divisibility relations, 26 
expressible as sum and difference of 
cubes, 281 
as mean of twin primes, 59 
properties of, 15-16 
Pythagorean triples and, 252 
as sides of Pythagorean triangles, 257 
trivium, 13 
Tsu Chung-chi (430-501), 332 
Turcaninov, A., 234 
twin prime constant, 380 
twin primes 
convergent series of, 380 
defined, 50 
Euler’s phi-function @(n) and, 135 
perfect numbers and, 227 
properties of, 50, 58, 59 
sum of divisors o(n) and, 111 
table of number of pairs of, 406 
two, as number, 14 
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gegebenen Grosse (Riemann), 380 

uniqueness of prime factorization, 41 

uniqueness of representation of integers, 
265-266, 267 
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Utriusque Arithmetices (Regius), 224 
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Verman cryptosystem, 202-203, 208 
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Vigenére, Blaise de (1523-1596), 
199-200 

Vigenére cryptosystem, 199-201, 208 

Vinogradov, Ivan M. (1891-1983), 52-53, 
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Wallis, John (1616-1703), 320, 338, 339 

Waring, Edward (1734-1798), 93-94, 278 

Waring’s problem, 278-279, 354-355 

Washington, George (1732-1799), 123 

weekday number w calculations, 125-126, 
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well-ordering principle, 1—2, 17 

Western, Alfred E. (1873-1961), 240, 241 


Wieferich, Arthur (1884-1954), 258 
Wieferich primes, 258 
Wiles, Andrew (b. 1953), 255 
Williams, H. C., 360 
Wilson, John (1741-1793), 93 
Wilson’s theorem 
defined, 93-95 
Lagrange’s theorem and, 154 
quadratic congruences and, 95-96, 97, 
173 
witnesses, for compositeness, 369 
Wolf prize, 356 
word problems. See puzzle problems 
work factors, in computerized factorization, 
206-207 


Xylander, Guilielmus (Wilhelm Holtzman) 
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Yen Kung (14th century), 38 
Yih-hing (d. 717), 83 


Zeckendorf representation, 295-296 
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congruence to, 67 
terminating, in factorials, 118, 121 
of the zeta function, 380-381 
zeta function ¢(s), 377-378 
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n factorial 
binomial coefficient 
nth triangular number 
a divides b 
a does not divide b 
greatest common divisor of a and b 
least common multiple of a and b 
product of primes not exceeding p 
nth repunit 
number of primes of the form an + b 
not exceeding x 
a is congruent to b modulon 
a is incongruent to b modulon 
base b place-value notation for an integer 
number of positive divisors of n 
sum of positive divisors of 
sum over divisors d of n 
product over divisors d of n 
number of distinct prime divisors of 
sum of sth powers of positive divisors of n 
Mobius mu function 
Mangoldt lambda function 
Liouville lambda function 
greatest integer not exceeding x 
Euler phi function 
index of a relative to r 
Legendre symbol (p prime) 
Jacobi symbol 
nth perfect number (in order of discovery) 
nth Mersenne number 
nth Fermat number 
Waring’s function for all positive integers 
Waring’s function for sufficiently large integers 
nth Fibonacci number 
(1 + V5)/2, (1 — V5)/2 
nth Lucas number 
number of partitions of n 
approximately equal 
finite simple continued fraction 
convergent of a continued fraction 
infinite continued fraction 
periodic continued fraction 
Farey fractions of order n 
number of primes not exceeding x 
total number of prime factors of n 
logarithm to base e 
logarithmic integral 
number of twin primes not exceeding x 
Euler zeta function 
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Richard Dedekind (1831-1916) 
Edouard Lucas (1842-1891) 
Allen Joseph Cunningham (1842-1928) 
Frederick Nelson Cole (1861-1927) 

David Hilbert (1862-1943) 
Axel Thue (1863-1922) 
Charles de la Vallée Poussin (1866-1962) 
Leonard Eugene Dickson (1874-1954) 
Godfrey Harold Hardy (1877-1947) 
Srinivasa Ramanujan (1887-1920) 
| Paul Erdés (1913-1996) 

Atle Selberg (1917-2007) Sts 
Andrew Wiles (193- —— a =m 


Mathematicians Prominent in the History of Number Theory 
CLASSICAL PERIOD 
—800 —600 —400 —200 BC. AD. 200 400 600 800 1000 1200 


Pythagoras (569-500 B.C.) =—_— 
Euclid (c. 350 B.C.) —_— 
Eratosthenes (276-196 B.C.) 
Nicomachus (c. 100) =—_—_ 
Diophantus (c. 250) a 
Brahmagupta (c. 625) 
Alcuin of York (735-804) 


Thabit ibn Kurrah (826-901) =— 


Fibonacci (1180-1250) 


